mvela
2011-04-07, 22:46
Hello my friend,
How can I remove the olmarik.ajl trojan on the MBR of my disk?
Thank you for your help.
DDS log:
DDS (Ver_11-03-05.01) - NTFSx86
Run by mvela at 21.31.57,94 on 07/04/2011
Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Business N 6.0.6000.0.1252.39.1040.18.2039.701 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\DWRCS.EXE
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\System32\PAStiSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Windows\system32\DWRCST.exe
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\Microsoft Application Virtualization Client\sftdcc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Windows\SMINST\scheduler.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHosttr.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\MemoRex\MemoRex.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Users\r.trovato\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.it/
uDefault_Page_URL = hxxp://intranet/sites/intranet/default.aspx
mStart Page = about:blank
mDefault_Page_URL = hxxp://intranet/sites/intranet/default.aspx
uInternet Settings,ProxyServer = 10.1.8.14:8080
uInternet Settings,ProxyOverride = 10.*;*.sielte.it;*.dre;*.grupo-stc.es;*.sielte.com;<local>
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe,"c:\program files\microsoft application virtualization client\sftdcc.exe"
BHO: Supporto di collegamento per Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Waiting1690] c:\windows\stid1690.exe
mRun: [PCSuiteTrayApplication] c:\progra~1\nokia\nokiap~1\LAUNCH~1.EXE -startup
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [MemoREX] "c:\program files\memorex\MemoRexStart.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
mRun: [LogitechSetup] d:\setup\Setup.exe /restart /l:ita
mRun: [Norton Ghost 15.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SoftGridTray] "c:\program files\microsoft application virtualization client\SFTTray.exe" /autostart
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DameWare MRC Agent] c:\windows\system32\DWRCST.exe
mRunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
dRun: [WCkvgdplDVpcLni] c:\programdata\WCkvgdplDVpcLni.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\gestio~1.lnk - c:\program files\microsoft firewall client 2004\FwcMgmt.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\scmon.lnk - c:\windows\system32\SISCMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\microsoft firewall client 2004\FwcWsp.dll
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://srvav01:4343/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://srvav01:4343/officescan/console/html/ClientInstall/setup.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxps://srvav01:4343/officescan/console/html/root/AtxEnc.cab
DPF: {4819DFDF-ABC4-488C-A323-919848C51175} - hxxp://portal3.rinera.com/download/RineraProxy-1.4.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {29BBCE86-BE8C-43E1-B313-5B609804B4FB} = 86.64.145.40,212.30.96.108
TCP: {AD2ECA73-EACD-4FB6-9E25-2FEF067FEB4B} = 86.64.145.140,212.30.98.108
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: DeviceNP - DeviceNP.dll
Notify: gmecoss - c:\windows\system32\config\systemprofile\appdata\local\gmecoss.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli ASWLNPkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\r8413~1.tro\appdata\roaming\mozilla\firefox\profiles\yrzuk222.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\r.trovato\appdata\roaming\mozilla\firefox\profiles\yrzuk222.default\extensions\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\r.trovato\appdata\roaming\mozilla\firefox\profiles\yrzuk222.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar_IT Community Toolbar: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - %profile%\extensions\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}
FF - Ext: Add N Edit Cookies: {038dc421-b19e-4711-a218-1fd10de9163b} - %profile%\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}
FF - Ext: Add to Search Bar: add-to-searchbox@maltekraus.de - %profile%\extensions\add-to-searchbox@maltekraus.de
FF - Ext: NoSquint: nosquint@urandom.ca - %profile%\extensions\nosquint@urandom.ca
FF - Ext: Tab Progress Bar: tabprogressbar@studio17.wordpress.com - %profile%\extensions\tabprogressbar@studio17.wordpress.com
FF - Ext: KwiClick: vinceturk@gmail.com - %profile%\extensions\vinceturk@gmail.com
FF - Ext: Resurrect Pages: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3} - %profile%\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
FF - Ext: TweakMDB: {15a82062-5139-4855-9706-130a8a4be80c} - %profile%\extensions\{15a82062-5139-4855-9706-130a8a4be80c}
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: Context Search: {902D2C4A-457A-4EF9-AD43-7014562929FF} - %profile%\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}
FF - Ext: LinkExtend: {cf47767d-5f3a-4e32-9fce-5d79565c9702} - %profile%\extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: HttpFox: {4093c4de-454a-4329-8aff-c6b0b123c386} - %profile%\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}
.
============= SERVICES / DRIVERS ===============
.
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
R2 ASBroker;Operatore della sessione di accesso;c:\windows\system32\svchost.exe -k Cognizance [2006-11-2 22016]
R2 ASChannel;Canale di comunicazione locale;c:\windows\system32\svchost.exe -k Cognizance [2006-11-2 22016]
R2 FwcAgent;Agente client firewall;c:\program files\microsoft firewall client 2004\FwcAgent.exe [2006-12-9 128832]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 26168]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-7-23 447848]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-11-6 2011944]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-3-22 57424]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2007-6-12 249424]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2007-6-12 36432]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 3712]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [2009-9-21 46192]
R3 sftfs;sftfs;c:\program files\microsoft application virtualization client\drivers\SftFSlh.sys [2009-7-23 543080]
R3 sftplay;sftplay;c:\program files\microsoft application virtualization client\drivers\sftplaylh.sys [2009-7-23 190312]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-7-23 21864]
R3 sftvol;sftvol;c:\program files\microsoft application virtualization client\drivers\SftVollh.sys [2009-7-23 14696]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-7-23 203624]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2009-9-21 1964528]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2007-4-27 689416]
S2 ALGodserv;Servizio Gateway di livello applicazione ALGodserv;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 AppinfoCVPND;Informazioni applicazioni AppinfoCVPND;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 Audiosrvdot3svc;Audio di Windows Audiosrvdot3svc;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 CryptSvchpsrvTeamViewer5MMCSS;Servizi di crittografia CryptSvchpsrvTeamViewer5MMCSS;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 CryptSvcLVSrvLauncher;Servizi di crittografia CryptSvcLVSrvLauncher;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 Dhcpodserv;Client DHCP Dhcpodserv;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 EMDMgmtCom4Qlb;ReadyBoost EMDMgmtCom4Qlb;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 EMDMgmtPNRPsvc;ReadyBoost EMDMgmtPNRPsvc;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-11 136176]
S2 hpsrvPlugPlayASChannel;HP Service hpsrvPlugPlayASChannel;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 hpsrvSSDPSRV;HP Service hpsrvSSDPSRV;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 hpsrvTeamViewer5;HP Service hpsrvTeamViewer5;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 hpsrvTeamViewer5MMCSS;HP Service hpsrvTeamViewer5 hpsrvTeamViewer5MMCSS;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 hpsrvTeamViewer5MMCSSfdPHost;HP Service hpsrvTeamViewer5 hpsrvTeamViewer5MMCSS hpsrvTeamViewer5MMCSSfdPHost;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 lmhostsThemesTabletInputService;Helper NetBIOS di TCP/IP lmhostsThemesTabletInputService;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 MMCSSTrkWks;Utilità di pianificazione classi multimediali MMCSSTrkWks;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 MSCamSvcKtmRm;MSCamSvc MSCamSvcKtmRm;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 NetTcpPortSharingmsiserver;Servizio di condivisione porte Net.Tcp NetTcpPortSharingmsiserver;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 PlugPlayASChannel;Plug and Play PlugPlayASChannel;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 PNRPAutoRegstisvc;Servizio di pubblicazione nome computer PNRP PNRPAutoRegstisvc;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 PNRPAutoRegstisvcSchedule;Servizio di pubblicazione nome computer PNRP PNRPAutoRegstisvc PNRPAutoRegstisvcSchedule;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 ProtectedStorageSLUINotify;Archiviazione protetta ProtectedStorageSLUINotify;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 RemoteAccessMSiSCSI;Routing e Accesso remoto RemoteAccessMSiSCSI;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 SCardSvrgpsvc;Smart Card SCardSvrgpsvc;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 seclogonEapHost;Accesso secondario seclogonEapHost;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 seclogonwbengine;Accesso secondario seclogonwbengine;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 SetScardSvrService;Smart Card Base Component Helper;c:\windows\system32\SetScardSvrService.exe [2007-10-5 65536]
S2 SetScardSvrServiceWinRM;Smart Card Base Component Helper SetScardSvrServiceWinRM;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 SetScardSvrServiceWinRMTeamViewer5;Smart Card Base Component Helper SetScardSvrServiceWinRM SetScardSvrServiceWinRMTeamViewer5;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 SetScardSvrServiceWinRMwscsvc;Smart Card Base Component Helper SetScardSvrServiceWinRM SetScardSvrServiceWinRMwscsvc;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 sftlistServiceLayer;Application Virtualization Client sftlistServiceLayer;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 ShellHWDetectiondot3svc;Rilevamento hardware shell ShellHWDetectiondot3svc;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 ShellHWDetectionWSearch;Rilevamento hardware shell ShellHWDetectionWSearch;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 slsvcDcomLaunch;Gestione licenze software slsvcDcomLaunch;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 SpoolerNetlogon;Spooler di stampa SpoolerNetlogon;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 SSDPSRVWinHttpAutoProxySvcAppMgmt;Individuazione SSDP SSDPSRVWinHttpAutoProxySvcAppMgmt;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 ThemesEMDMgmt;Temi ThemesEMDMgmt;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 ThemesTabletInputService;Temi ThemesTabletInputService;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-26 179712]
S3 CAM1690;USB PC Camera;c:\windows\system32\drivers\cam1690.sys [2007-11-21 182656]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2007-3-30 28472]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-1-17 113664]
S3 FLCDLOCK;Controllo/blocco dispositivi HP ProtectTools;c:\windows\system32\flcdlock.exe [2007-3-30 172131]
S3 GenericMount Helper Service;GenericMount Helper Service;c:\program files\norton ghost\shared\drivers\GenericMountHelper.exe [2009-9-21 1571336]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-4-6 88192]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-1-17 101120]
S3 ipmmlsnt;miniLector Smart Card Reader;c:\windows\system32\drivers\ipmmlsnt.sys [2007-10-5 16393]
S3 IPMNET;miniLector USB Smart Card Reader;c:\windows\system32\drivers\ipmmlu2k.sys [2007-10-5 23471]
S3 PAC7311;Trust Webcam 14839;c:\windows\system32\drivers\PA707UCM.SYS [2005-10-18 154752]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2006-11-2 7168]
S3 TmPfw;OfficeScan NT Firewall;c:\program files\trend micro\officescan client\TmPfw.exe [2011-3-22 497080]
.
=============== Created Last 30 ================
.
2011-04-07 19:20:43 -------- d-----w- C:\07-04-2011
2011-04-07 17:14:23 -------- d-----w- C:\465ef7c9979fdd630b8663b3d1f344
2011-04-07 17:14:00 -------- d-----w- C:\3fd0b12938f2e7cef987bac56edb54c4
2011-04-07 15:36:26 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{8ec394e5-240d-4f60-a257-72a81293d468}\mpengine.dll
2011-04-05 14:48:26 -------- d-----w- c:\windows\pss
2011-04-02 17:20:47 -------- d-----w- c:\users\r8413~1.tro\appdata\roaming\Xoovy
2011-04-02 15:20:25 -------- d-----w- C:\Windows Repair
2011-03-29 21:26:33 102400 ----a-w- c:\windows\RegBootClean.exe
2011-03-22 09:22:29 -------- d-----w- c:\windows\system32\log
2011-03-22 09:20:46 57424 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-03-22 09:20:12 67664 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2011-03-21 17:29:47 -------- d--h--w- c:\program files\Uninstall ModuliControlloCSO2011
.
==================== Find3M ====================
.
2011-04-06 09:06:02 11264 ----a-w- c:\windows\DCEBoot.exe
2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6000 Disk: Hitachi_ rev.BBFO -> Harddisk0\DR0 -> \Device\Ide\iaStor0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys >>UNKNOWN [0x87213439]<<
c:\windows\system32\drivers\hpdskflt.sys Hewlett-Packard Mobile Data Protection System
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x872197d0]; MOV EAX, [0x8721984c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82C27F3B] -> \Device\Harddisk0\DR0[0x86C7AAD8]
3 nt[0x82CB07E2] -> ntkrnlpa!IofCallDriver[0x82C27F3B] -> [0x86B774B0]
5 hpdskflt[0x8309A090] -> ntkrnlpa!IofCallDriver[0x82C27F3B] -> [0x85ADBC20]
7 acpi[0x8044D32A] -> ntkrnlpa!IofCallDriver[0x82C27F3B] -> [0x85AC0028]
\Driver\iaStor[0x871FFF38] -> IRP_MJ_CREATE -> 0x87213439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskHitachi_HTS542525K9SA00_________________BBFOC32P#4&af4b668&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi -> 0x85a151f8
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 21.33.21,35 ===============
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Waiting1690] c:\windows\stid1690.exe
mRun: [PCSuiteTrayApplication] c:\progra~1\nokia\nokiap~1\LAUNCH~1.EXE -startup
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [MemoREX] "c:\program files\memorex\MemoRexStart.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
mRun: [LogitechSetup] d:\setup\Setup.exe /restart /l:ita
mRun: [Norton Ghost 15.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SoftGridTray] "c:\program files\microsoft application virtualization client\SFTTray.exe" /autostart
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DameWare MRC Agent] c:\windows\system32\DWRCST.exe
mRunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
dRun: [WCkvgdplDVpcLni] c:\programdata\WCkvgdplDVpcLni.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\gestio~1.lnk - c:\program files\microsoft firewall client 2004\FwcMgmt.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\scmon.lnk - c:\windows\system32\SISCMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\microsoft firewall client 2004\FwcWsp.dll
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://srvav01:4343/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://srvav01:4343/officescan/console/html/ClientInstall/setup.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxps://srvav01:4343/officescan/console/html/root/AtxEnc.cab
DPF: {4819DFDF-ABC4-488C-A323-919848C51175} - hxxp://portal3.rinera.com/download/RineraProxy-1.4.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {29BBCE86-BE8C-43E1-B313-5B609804B4FB} = 86.64.145.40,212.30.96.108
TCP: {AD2ECA73-EACD-4FB6-9E25-2FEF067FEB4B} = 86.64.145.140,212.30.98.108
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: DeviceNP - DeviceNP.dll
Notify: gmecoss - c:\windows\system32\config\systemprofile\appdata\local\gmecoss.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli ASWLNPkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\r8413~1.tro\appdata\roaming\mozilla\firefox\profiles\yrzuk222.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\r.trovato\appdata\roaming\mozilla\firefox\profiles\yrzuk222.default\extensions\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\r.trovato\appdata\roaming\mozilla\firefox\profiles\yrzuk222.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar_IT Community Toolbar: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - %profile%\extensions\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}
FF - Ext: Add N Edit Cookies: {038dc421-b19e-4711-a218-1fd10de9163b} - %profile%\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}
FF - Ext: Add to Search Bar: add-to-searchbox@maltekraus.de - %profile%\extensions\add-to-searchbox@maltekraus.de
FF - Ext: NoSquint: nosquint@urandom.ca - %profile%\extensions\nosquint@urandom.ca
FF - Ext: Tab Progress Bar: tabprogressbar@studio17.wordpress.com - %profile%\extensions\tabprogressbar@studio17.wordpress.com
FF - Ext: KwiClick: vinceturk@gmail.com - %profile%\extensions\vinceturk@gmail.com
FF - Ext: Resurrect Pages: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3} - %profile%\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
FF - Ext: TweakMDB: {15a82062-5139-4855-9706-130a8a4be80c} - %profile%\extensions\{15a82062-5139-4855-9706-130a8a4be80c}
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: Context Search: {902D2C4A-457A-4EF9-AD43-7014562929FF} - %profile%\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}
FF - Ext: LinkExtend: {cf47767d-5f3a-4e32-9fce-5d79565c9702} - %profile%\extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: HttpFox: {4093c4de-454a-4329-8aff-c6b0b123c386} - %profile%\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}
.
============= SERVICES / DRIVERS ===============
.
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
R2 ASBroker;Operatore della sessione di accesso;c:\windows\system32\svchost.exe -k Cognizance [2006-11-2 22016]
R2 ASChannel;Canale di comunicazione locale;c:\windows\system32\svchost.exe -k Cognizance [2006-11-2 22016]
R2 FwcAgent;Agente client firewall;c:\program files\microsoft firewall client 2004\FwcAgent.exe [2006-12-9 128832]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 26168]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-7-23 447848]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-11-6 2011944]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-3-22 57424]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2007-6-12 249424]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2007-6-12 36432]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 3712]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [2009-9-21 46192]
R3 sftfs;sftfs;c:\program files\microsoft application virtualization client\drivers\SftFSlh.sys [2009-7-23 543080]
R3 sftplay;sftplay;c:\program files\microsoft application virtualization client\drivers\sftplaylh.sys [2009-7-23 190312]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-7-23 21864]
R3 sftvol;sftvol;c:\program files\microsoft application virtualization client\drivers\SftVollh.sys [2009-7-23 14696]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-7-23 203624]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2009-9-21 1964528]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2007-4-27 689416]
S2 ALGodserv;Servizio Gateway di livello applicazione ALGodserv;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 AppinfoCVPND;Informazioni applicazioni AppinfoCVPND;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 Audiosrvdot3svc;Audio di Windows Audiosrvdot3svc;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 CryptSvchpsrvTeamViewer5MMCSS;Servizi di crittografia CryptSvchpsrvTeamViewer5MMCSS;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 CryptSvcLVSrvLauncher;Servizi di crittografia CryptSvcLVSrvLauncher;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 Dhcpodserv;Client DHCP Dhcpodserv;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 EMDMgmtCom4Qlb;ReadyBoost EMDMgmtCom4Qlb;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 EMDMgmtPNRPsvc;ReadyBoost EMDMgmtPNRPsvc;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-11 136176]
S2 hpsrvPlugPlayASChannel;HP Service hpsrvPlugPlayASChannel;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 hpsrvSSDPSRV;HP Service hpsrvSSDPSRV;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 hpsrvTeamViewer5;HP Service hpsrvTeamViewer5;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 hpsrvTeamViewer5MMCSS;HP Service hpsrvTeamViewer5 hpsrvTeamViewer5MMCSS;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 hpsrvTeamViewer5MMCSSfdPHost;HP Service hpsrvTeamViewer5 hpsrvTeamViewer5MMCSS hpsrvTeamViewer5MMCSSfdPHost;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 lmhostsThemesTabletInputService;Helper NetBIOS di TCP/IP lmhostsThemesTabletInputService;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 MMCSSTrkWks;Utilità di pianificazione classi multimediali MMCSSTrkWks;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 MSCamSvcKtmRm;MSCamSvc MSCamSvcKtmRm;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 NetTcpPortSharingmsiserver;Servizio di condivisione porte Net.Tcp NetTcpPortSharingmsiserver;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 PlugPlayASChannel;Plug and Play PlugPlayASChannel;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 PNRPAutoRegstisvc;Servizio di pubblicazione nome computer PNRP PNRPAutoRegstisvc;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 PNRPAutoRegstisvcSchedule;Servizio di pubblicazione nome computer PNRP PNRPAutoRegstisvc PNRPAutoRegstisvcSchedule;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 ProtectedStorageSLUINotify;Archiviazione protetta ProtectedStorageSLUINotify;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 RemoteAccessMSiSCSI;Routing e Accesso remoto RemoteAccessMSiSCSI;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 SCardSvrgpsvc;Smart Card SCardSvrgpsvc;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 seclogonEapHost;Accesso secondario seclogonEapHost;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 seclogonwbengine;Accesso secondario seclogonwbengine;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 SetScardSvrService;Smart Card Base Component Helper;c:\windows\system32\SetScardSvrService.exe [2007-10-5 65536]
S2 SetScardSvrServiceWinRM;Smart Card Base Component Helper SetScardSvrServiceWinRM;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 SetScardSvrServiceWinRMTeamViewer5;Smart Card Base Component Helper SetScardSvrServiceWinRM SetScardSvrServiceWinRMTeamViewer5;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 SetScardSvrServiceWinRMwscsvc;Smart Card Base Component Helper SetScardSvrServiceWinRM SetScardSvrServiceWinRMwscsvc;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 sftlistServiceLayer;Application Virtualization Client sftlistServiceLayer;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 ShellHWDetectiondot3svc;Rilevamento hardware shell ShellHWDetectiondot3svc;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 ShellHWDetectionWSearch;Rilevamento hardware shell ShellHWDetectionWSearch;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 slsvcDcomLaunch;Gestione licenze software slsvcDcomLaunch;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 SpoolerNetlogon;Spooler di stampa SpoolerNetlogon;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 SSDPSRVWinHttpAutoProxySvcAppMgmt;Individuazione SSDP SSDPSRVWinHttpAutoProxySvcAppMgmt;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 ThemesEMDMgmt;Temi ThemesEMDMgmt;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 ThemesTabletInputService;Temi ThemesTabletInputService;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-26 179712]
S3 CAM1690;USB PC Camera;c:\windows\system32\drivers\cam1690.sys [2007-11-21 182656]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2007-3-30 28472]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-1-17 113664]
S3 FLCDLOCK;Controllo/blocco dispositivi HP ProtectTools;c:\windows\system32\flcdlock.exe [2007-3-30 172131]
S3 GenericMount Helper Service;GenericMount Helper Service;c:\program files\norton ghost\shared\drivers\GenericMountHelper.exe [2009-9-21 1571336]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-4-6 88192]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-1-17 101120]
S3 ipmmlsnt;miniLector Smart Card Reader;c:\windows\system32\drivers\ipmmlsnt.sys [2007-10-5 16393]
S3 IPMNET;miniLector USB Smart Card Reader;c:\windows\system32\drivers\ipmmlu2k.sys [2007-10-5 23471]
S3 PAC7311;Trust Webcam 14839;c:\windows\system32\drivers\PA707UCM.SYS [2005-10-18 154752]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2006-11-2 7168]
S3 TmPfw;OfficeScan NT Firewall;c:\program files\trend micro\officescan client\TmPfw.exe [2011-3-22 497080]
.
=============== Created Last 30 ================
.
2011-04-07 19:20:43 -------- d-----w- C:\07-04-2011
2011-04-07 17:14:23 -------- d-----w- C:\465ef7c9979fdd630b8663b3d1f344
2011-04-07 17:14:00 -------- d-----w- C:\3fd0b12938f2e7cef987bac56edb54c4
2011-04-07 15:36:26 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{8ec394e5-240d-4f60-a257-72a81293d468}\mpengine.dll
2011-04-05 14:48:26 -------- d-----w- c:\windows\pss
2011-04-02 17:20:47 -------- d-----w- c:\users\r8413~1.tro\appdata\roaming\Xoovy
2011-04-02 15:20:25 -------- d-----w- C:\Windows Repair
2011-03-29 21:26:33 102400 ----a-w- c:\windows\RegBootClean.exe
2011-03-22 09:22:29 -------- d-----w- c:\windows\system32\log
2011-03-22 09:20:46 57424 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-03-22 09:20:12 67664 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2011-03-21 17:29:47 -------- d--h--w- c:\program files\Uninstall ModuliControlloCSO2011
.
==================== Find3M ====================
.
2011-04-06 09:06:02 11264 ----a-w- c:\windows\DCEBoot.exe
2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6000 Disk: Hitachi_ rev.BBFO -> Harddisk0\DR0 -> \Device\Ide\iaStor0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys >>UNKNOWN [0x87213439]<<
c:\windows\system32\drivers\hpdskflt.sys Hewlett-Packard Mobile Data Protection System
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x872197d0]; MOV EAX, [0x8721984c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82C27F3B] -> \Device\Harddisk0\DR0[0x86C7AAD8]
3 nt[0x82CB07E2] -> ntkrnlpa!IofCallDriver[0x82C27F3B] -> [0x86B774B0]
5 hpdskflt[0x8309A090] -> ntkrnlpa!IofCallDriver[0x82C27F3B] -> [0x85ADBC20]
7 acpi[0x8044D32A] -> ntkrnlpa!IofCallDriver[0x82C27F3B] -> [0x85AC0028]
\Driver\iaStor[0x871FFF38] -> IRP_MJ_CREATE -> 0x87213439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskHitachi_HTS542525K9SA00_________________BBFOC32P#4&af4b668&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi -> 0x85a151f8
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 21.33.21,35 ===============