WIN32/Olmarik.AJL



danko
2011-06-12, 11:59
Hi,

I recently ran an ESET NOD32 Antivirus scan and found a Win32/Olmarik.AJL trojan on my system. I have tried several tools like ESET, Malwarebytes' Anti-Malware, etc., but nothing has helped. I have seen some explanations (on the web and on this site) about how to get rid of this, but applying similar steps didn't help.
Please, can anyone send some advice or help with this!

thanks

Here are the logs (dds.txt and attach.txt):

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by Danijel at 12:00:08 on 2011-06-12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.2888 [GMT 2:00]
.
AV: ESET NOD32 antivirus system 2.70 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe -k DcomLaunch
D:\WINDOWS\system32\svchost.exe -k rpcss
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
D:\WINDOWS\system32\svchost.exe -k NetworkService
D:\WINDOWS\system32\svchost.exe -k LocalService
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Google\Google Talk\googletalk.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\aadrive32.exe
D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
D:\WINDOWS\system32\svchost.exe -k bthsvcs
D:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Eset\nod32krn.exe
D:\Program Files\CyberLink\Shared files\RichVideo.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
D:\Documents and Settings\Danijel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Danijel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Danijel\Application Data\14.tmp
D:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.hr/
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mWinlogon: Taskman=c:\recycler\r-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe
uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [uTorrent] "d:\program files\utorrent\uTorrent.exe"
uRun: [PC Suite Tray] "d:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Skype] "d:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [Tnaww] c:\recycler\s-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
uRun: [12CFG214-K641-12SF-N85P] c:\recycler\s-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
uRun: [12CFG214-K641-12SF-N85P] c:\recycler\s-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
mRun: [PWRISOVM.EXE] d:\program files\poweriso\PWRISOVM.EXE
mRun: [nod32kui] "d:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [nwiz] d:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE d:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [googletalk] d:\program files\google\google talk\googletalk.exe /autostart
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [Microsoft Driver Setup] d:\windows\aadrive32.exe
mExplorerRun: [Microsoft Driver Setup] d:\windows\aadrive32.exe
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: d:\windows\system32\imon.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www.freerealms.com/gamedata/FreeRealmsInstaller.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229545619203
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229545605515
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - hxxps://asp.photoprintit.de/microsite/5913/defaults/activex/ips/IPSUploader4.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxps://asp.photoprintit.de/microsite/5913/defaults/activex/IPSUploader.cab
TCP: Interfaces\{96BF632A-1179-4C26-974F-5A73F3768365} : DhcpNameServer = 83.139.80.50
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\wpdshserviceobj.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - d:\program files\fences\FencesMenu.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 d346bus;d346bus;d:\windows\system32\drivers\d346bus.sys [2008-3-28 156800]
R0 d346prt;d346prt;d:\windows\system32\drivers\d346prt.sys [2008-3-28 5248]
R1 nod32drv;nod32drv;d:\windows\system32\drivers\nod32drv.sys [2008-2-8 15424]
R2 NOD32krn;NOD32 Kernel Service;d:\program files\eset\nod32krn.exe [2008-2-8 549256]
R2 SBKUPNT;SBKUPNT;d:\windows\system32\drivers\SBKUPNT.SYS [2010-10-18 14976]
R3 3xHybrid;ASUSTek SAA713x PCI Card;d:\windows\system32\drivers\3xHybrid.sys [2008-1-5 2831232]
S2 vfyxr;Network Time;d:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-25 25832]
S3 epmntdrv;epmntdrv;d:\windows\system32\epmntdrv.sys [2010-10-19 13192]
S3 EuGdiDrv;EuGdiDrv;d:\windows\system32\EuGdiDrv.sys [2010-10-19 8456]
S3 KoneFltr;ROCCAT Kone;d:\windows\system32\drivers\kone.sys --> d:\windows\system32\drivers\Kone.sys [?]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;d:\windows\system32\drivers\whfltr2k.sys [2007-1-26 6784]
.
=============== Created Last 30 ================
.
2011-06-12 09:57:57 95744 ----a-w- d:\documents and settings\danijel\application data\14.tmp
2011-06-12 09:57:54 132608 ----a-w- d:\documents and settings\danijel\application data\11.tmp
2011-06-12 09:41:15 95744 ----a-w- d:\documents and settings\danijel\application data\1F.tmp
2011-06-12 09:41:11 93184 ----a-w- d:\documents and settings\danijel\application data\1D.tmp
2011-06-12 09:41:07 132608 ----a-w- d:\documents and settings\danijel\application data\1A.tmp
2011-06-12 09:35:56 97792 ----a-w- d:\windows\system32\61.exe
2011-06-12 09:32:03 116224 ----a-w- d:\documents and settings\danijel\dddqj.exe
2011-06-12 09:31:59 95744 ----a-w- d:\documents and settings\danijel\application data\10.tmp
2011-06-12 09:31:56 132608 ----a-w- d:\documents and settings\danijel\application data\E.tmp
2011-06-12 08:45:54 116224 ----a-w- d:\documents and settings\danijel\ddqj.exe
2011-06-12 08:45:48 95744 ----a-w- d:\documents and settings\danijel\application data\36.tmp
2011-06-12 08:45:44 132608 ----a-w- d:\documents and settings\danijel\application data\26.tmp
2011-06-11 14:07:46 47104 ----a-w- d:\documents and settings\danijel\application data\C3.tmp
2011-06-11 14:07:45 130560 --sh--r- d:\windows\aadrive32.exe
2011-06-11 14:07:42 130560 ----a-w- d:\documents and settings\danijel\application data\C0.tmp
2011-06-11 14:07:39 48640 ----a-w- d:\documents and settings\danijel\application data\BA.tmp
2011-06-10 08:43:50 103424 ----a-w- d:\windows\system32\60.exe
2011-06-10 08:42:59 103424 ----a-w- d:\windows\system32\28.exe
2011-06-09 16:22:46 -------- d-----w- D:\TDSSKiller_Quarantine
2011-06-09 16:05:36 73728 ----a-w- d:\windows\system32\javacpl.cpl
2011-06-09 16:05:36 472808 ----a-w- d:\windows\system32\deployJava1.dll
2011-06-09 15:17:05 98816 ----a-w- d:\windows\sed.exe
2011-06-09 15:17:05 518144 ----a-w- d:\windows\SWREG.exe
2011-06-09 15:17:05 256512 ----a-w- d:\windows\PEV.exe
2011-06-09 15:17:05 208896 ----a-w- d:\windows\MBR.exe
2011-05-29 07:06:11 -------- d-----w- d:\documents and settings\danijel\application data\go
2011-05-29 07:06:10 -------- d-----w- d:\documents and settings\all users.windows\application data\Easybits GO
2011-05-17 20:39:35 -------- d-----w- d:\documents and settings\danijel\application data\Phantasmat_bf_ce1
.
==================== Find3M ====================
.
2011-05-29 07:11:30 39984 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11:20 22712 ----a-w- d:\windows\system32\drivers\mbam.sys
2011-04-09 11:31:24 1 ----a-w- d:\windows\system32\SI.bin
.
============= FINISH: 12:01:26,42 ===============

shelf life
2011-06-19, 18:48
hi danko,

Is your ESET up to date? Based on the log you have a backdoor on your machine. You really shouldn't be using it until it's clean. It also should have no connectivity; if you're not sure how to stop this then I would just power it off. Reply back if you still need help as your post is a few days old.
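For readers wondering what in the DDS log above supports that assessment, here is an added Python triage script (not part of the thread, not a tool either poster used) that applies the checks a helper would make by eye: Winlogon Shell/Taskman values that are not plain explorer.exe, autoruns pointing into c:\recycler, an autorun executable sitting in the Windows root, an executable created with hidden+system attributes, numeric-named executables in system32, and a .tmp file running as a process. The rule names and heuristics are mine; the sample lines are copied from the log posted above.

```python
import re

# Constructed sample: lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
D:\Documents and Settings\Danijel\Application Data\14.tmp
mWinlogon: Taskman=c:\recycler\r-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe
uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
uRun: [Skype] "d:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Tnaww] c:\recycler\s-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
mRun: [Microsoft Driver Setup] d:\windows\aadrive32.exe
2011-06-11 14:07:45 130560 --sh--r- d:\windows\aadrive32.exe
2011-06-12 09:35:56 97792 ----a-w- d:\windows\system32\61.exe
"""

WINLOGON_RE = re.compile(r"^[um]Winlogon:\s*(Shell|Taskman)=(.+)$", re.I)
RUN_RE = re.compile(r'^[um](?:Explorer)?Run:\s*\[.*?\]\s*"?([a-z]:\\[^"]+?\.exe)', re.I)
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+(\S{8})\s+(.+)$")

def triage(log_text):
    """Return (rule, line) pairs for every DDS line that trips a heuristic."""
    findings = []
    for line in filter(None, (l.strip() for l in log_text.splitlines())):
        if m := WINLOGON_RE.match(line):
            key, value = m.group(1).lower(), m.group(2).strip().lower()
            # Shell must be exactly explorer.exe; a Taskman value is normally absent.
            if key == "taskman" or value != "explorer.exe":
                findings.append(("winlogon-hijack", line))
        elif m := RUN_RE.match(line):
            target = m.group(1).lower()
            folder = target.rsplit("\\", 1)[0]
            if "\\recycler\\" in target:
                findings.append(("autorun-from-recycler", line))
            elif re.fullmatch(r"[a-z]:\\windows", folder):
                # Legitimate autoruns live in subfolders, not directly in the Windows root.
                findings.append(("autorun-in-windows-root", line))
        elif m := CREATED_RE.match(line):
            attrs, path = m.group(1), m.group(2).lower()
            name = path.rsplit("\\", 1)[-1]
            if "s" in attrs and "h" in attrs and path.endswith(".exe"):
                findings.append(("hidden-system-exe", line))
            elif "\\system32\\" in path and re.fullmatch(r"\d+\.exe", name):
                findings.append(("numeric-exe-in-system32", line))
        elif re.match(r"^[a-z]:\\.*\.tmp$", line, re.I):
            # A .tmp executing as a process from a profile folder is a dropper tell.
            findings.append(("tmp-file-running", line))
    return findings

if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:26} {line}")
```

On the sample the Skype autorun passes while every other line is flagged, matching the entries a helper would ask to have removed.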