
Thread: olmarik.ajl trojan ESET NOD32

  1. #1
    Junior Member
    Join Date
    Apr 2011
    Posts
    1

    olmarik.ajl trojan ESET NOD32

    Hello my friend,
    How can I remove the olmarik.ajl trojan from the MBR of my disk?
    Thank you for your help.
    DDS log:
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by mvela at 21.31.57,94 on 07/04/2011
    Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_22
    Microsoft® Windows Vista™ Business N 6.0.6000.0.1252.39.1040.18.2039.701 [GMT 2:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\System32\svchost.exe -k Cognizance
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\AEADISRV.EXE
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Windows\system32\DWRCS.EXE
    C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k regsvc
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\System32\PAStiSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\Windows\system32\DWRCST.exe
    c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftdcc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
    C:\Windows\SMINST\scheduler.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHosttr.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Norton Ghost\Agent\VProTray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\MemoRex\MemoRex.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Logitech\QuickCam10\COCIManager.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\conime.exe
    C:\Users\r.trovato\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.it/
    uDefault_Page_URL = hxxp://intranet/sites/intranet/default.aspx
    mStart Page = about:blank
    mDefault_Page_URL = hxxp://intranet/sites/intranet/default.aspx
    uInternet Settings,ProxyServer = 10.1.8.14:8080
    uInternet Settings,ProxyOverride = 10.*;*.sielte.it;*.dre;*.grupo-stc.es;*.sielte.com;<local>
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,"c:\program files\microsoft application virtualization client\sftdcc.exe"
    BHO: Supporto di collegamento per Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB: {4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    uRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
    mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
    mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
    mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [Waiting1690] c:\windows\stid1690.exe
    mRun: [PCSuiteTrayApplication] c:\progra~1\nokia\nokiap~1\LAUNCH~1.EXE -startup
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [MemoREX] "c:\program files\memorex\MemoRexStart.exe"
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe"
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
    mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
    mRun: [LogitechSetup] d:\setup\Setup.exe /restart /l:ita
    mRun: [Norton Ghost 15.0] "c:\program files\norton ghost\agent\VProTray.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [SoftGridTray] "c:\program files\microsoft application virtualization client\SFTTray.exe" /autostart
    mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [DameWare MRC Agent] c:\windows\system32\DWRCST.exe
    mRunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
    dRun: [WCkvgdplDVpcLni] c:\programdata\WCkvgdplDVpcLni.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\gestio~1.lnk - c:\program files\microsoft firewall client 2004\FwcMgmt.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\scmon.lnk - c:\windows\system32\SISCMon.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
    mPolicies-system: EnableLUA = 0 (0x0)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    IE: Invia immagine alla periferica &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Invia pagina alla periferica &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: c:\program files\microsoft firewall client 2004\FwcWsp.dll
    DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
    DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://srvav01:4343/officescan/console/html/ClientInstall/WinNTChk.cab
    DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://srvav01:4343/officescan/console/html/ClientInstall/setup.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxps://srvav01:4343/officescan/console/html/root/AtxEnc.cab
    DPF: {4819DFDF-ABC4-488C-A323-919848C51175} - hxxp://portal3.rinera.com/download/RineraProxy-1.4.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: {29BBCE86-BE8C-43E1-B313-5B609804B4FB} = 86.64.145.40,212.30.96.108
    TCP: {AD2ECA73-EACD-4FB6-9E25-2FEF067FEB4B} = 86.64.145.140,212.30.98.108
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: DeviceNP - DeviceNP.dll
    Notify: gmecoss - c:\windows\system32\config\systemprofile\appdata\local\gmecoss.dll
    Notify: igfxcui - igfxdev.dll
    LSA: Notification Packages = scecli ASWLNPkg
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\r8413~1.tro\appdata\roaming\mozilla\firefox\profiles\yrzuk222.default\
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\users\r.trovato\appdata\roaming\mozilla\firefox\profiles\yrzuk222.default\extensions\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\users\r.trovato\appdata\roaming\mozilla\firefox\profiles\yrzuk222.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: uTorrentBar_IT Community Toolbar: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - %profile%\extensions\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}
    FF - Ext: Add N Edit Cookies: {038dc421-b19e-4711-a218-1fd10de9163b} - %profile%\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}
    FF - Ext: Add to Search Bar: add-to-searchbox@maltekraus.de - %profile%\extensions\add-to-searchbox@maltekraus.de
    FF - Ext: NoSquint: nosquint@urandom.ca - %profile%\extensions\nosquint@urandom.ca
    FF - Ext: Tab Progress Bar: tabprogressbar@studio17.wordpress.com - %profile%\extensions\tabprogressbar@studio17.wordpress.com
    FF - Ext: KwiClick: vinceturk@gmail.com - %profile%\extensions\vinceturk@gmail.com
    FF - Ext: Resurrect Pages: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3} - %profile%\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
    FF - Ext: TweakMDB: {15a82062-5139-4855-9706-130a8a4be80c} - %profile%\extensions\{15a82062-5139-4855-9706-130a8a4be80c}
    FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
    FF - Ext: Context Search: {902D2C4A-457A-4EF9-AD43-7014562929FF} - %profile%\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}
    FF - Ext: LinkExtend: {cf47767d-5f3a-4e32-9fce-5d79565c9702} - %profile%\extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: HttpFox: {4093c4de-454a-4329-8aff-c6b0b123c386} - %profile%\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
    R2 ASBroker;Operatore della sessione di accesso;c:\windows\system32\svchost.exe -k Cognizance [2006-11-2 22016]
    R2 ASChannel;Canale di comunicazione locale;c:\windows\system32\svchost.exe -k Cognizance [2006-11-2 22016]
    R2 FwcAgent;Agente client firewall;c:\program files\microsoft firewall client 2004\FwcAgent.exe [2006-12-9 128832]
    R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 26168]
    R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-7-23 447848]
    R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-11-6 2011944]
    R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-3-22 57424]
    R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2007-6-12 249424]
    R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2007-6-12 36432]
    R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 3712]
    R3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [2009-9-21 46192]
    R3 sftfs;sftfs;c:\program files\microsoft application virtualization client\drivers\SftFSlh.sys [2009-7-23 543080]
    R3 sftplay;sftplay;c:\program files\microsoft application virtualization client\drivers\sftplaylh.sys [2009-7-23 190312]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-7-23 21864]
    R3 sftvol;sftvol;c:\program files\microsoft application virtualization client\drivers\SftVollh.sys [2009-7-23 14696]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-7-23 203624]
    R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2009-9-21 1964528]
    R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2007-4-27 689416]
    S2 ALGodserv;Servizio Gateway di livello applicazione ALGodserv;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 AppinfoCVPND;Informazioni applicazioni AppinfoCVPND;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 Audiosrvdot3svc;Audio di Windows Audiosrvdot3svc;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 CryptSvchpsrvTeamViewer5MMCSS;Servizi di crittografia CryptSvchpsrvTeamViewer5MMCSS;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 CryptSvcLVSrvLauncher;Servizi di crittografia CryptSvcLVSrvLauncher;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 Dhcpodserv;Client DHCP Dhcpodserv;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 EMDMgmtCom4Qlb;ReadyBoost EMDMgmtCom4Qlb;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 EMDMgmtPNRPsvc;ReadyBoost EMDMgmtPNRPsvc;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 gupdate;Servizio di Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-11 136176]
    S2 hpsrvPlugPlayASChannel;HP Service hpsrvPlugPlayASChannel;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 hpsrvSSDPSRV;HP Service hpsrvSSDPSRV;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 hpsrvTeamViewer5;HP Service hpsrvTeamViewer5;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 hpsrvTeamViewer5MMCSS;HP Service hpsrvTeamViewer5 hpsrvTeamViewer5MMCSS;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 hpsrvTeamViewer5MMCSSfdPHost;HP Service hpsrvTeamViewer5 hpsrvTeamViewer5MMCSS hpsrvTeamViewer5MMCSSfdPHost;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 lmhostsThemesTabletInputService;Helper NetBIOS di TCP/IP lmhostsThemesTabletInputService;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 MMCSSTrkWks;Utilità di pianificazione classi multimediali MMCSSTrkWks;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 MSCamSvcKtmRm;MSCamSvc MSCamSvcKtmRm;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 NetTcpPortSharingmsiserver;Servizio di condivisione porte Net.Tcp NetTcpPortSharingmsiserver;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 PlugPlayASChannel;Plug and Play PlugPlayASChannel;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 PNRPAutoRegstisvc;Servizio di pubblicazione nome computer PNRP PNRPAutoRegstisvc;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 PNRPAutoRegstisvcSchedule;Servizio di pubblicazione nome computer PNRP PNRPAutoRegstisvc PNRPAutoRegstisvcSchedule;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 ProtectedStorageSLUINotify;Archiviazione protetta ProtectedStorageSLUINotify;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 RemoteAccessMSiSCSI;Routing e Accesso remoto RemoteAccessMSiSCSI;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 SCardSvrgpsvc;Smart Card SCardSvrgpsvc;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 seclogonEapHost;Accesso secondario seclogonEapHost;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 seclogonwbengine;Accesso secondario seclogonwbengine;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 SetScardSvrService;Smart Card Base Component Helper;c:\windows\system32\SetScardSvrService.exe [2007-10-5 65536]
    S2 SetScardSvrServiceWinRM;Smart Card Base Component Helper SetScardSvrServiceWinRM;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 SetScardSvrServiceWinRMTeamViewer5;Smart Card Base Component Helper SetScardSvrServiceWinRM SetScardSvrServiceWinRMTeamViewer5;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 SetScardSvrServiceWinRMwscsvc;Smart Card Base Component Helper SetScardSvrServiceWinRM SetScardSvrServiceWinRMwscsvc;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 sftlistServiceLayer;Application Virtualization Client sftlistServiceLayer;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 ShellHWDetectiondot3svc;Rilevamento hardware shell ShellHWDetectiondot3svc;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 ShellHWDetectionWSearch;Rilevamento hardware shell ShellHWDetectionWSearch;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 slsvcDcomLaunch;Gestione licenze software slsvcDcomLaunch;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 SpoolerNetlogon;Spooler di stampa SpoolerNetlogon;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 SSDPSRVWinHttpAutoProxySvcAppMgmt;Individuazione SSDP SSDPSRVWinHttpAutoProxySvcAppMgmt;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 ThemesEMDMgmt;Temi ThemesEMDMgmt;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S2 ThemesTabletInputService;Temi ThemesTabletInputService;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-26 179712]
    S3 CAM1690;USB PC Camera;c:\windows\system32\drivers\cam1690.sys [2007-11-21 182656]
    S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2007-3-30 28472]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-1-17 113664]
    S3 FLCDLOCK;Controllo/blocco dispositivi HP ProtectTools;c:\windows\system32\flcdlock.exe [2007-3-30 172131]
    S3 GenericMount Helper Service;GenericMount Helper Service;c:\program files\norton ghost\shared\drivers\GenericMountHelper.exe [2009-9-21 1571336]
    S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-4-6 88192]
    S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-1-17 101120]
    S3 ipmmlsnt;miniLector Smart Card Reader;c:\windows\system32\drivers\ipmmlsnt.sys [2007-10-5 16393]
    S3 IPMNET;miniLector USB Smart Card Reader;c:\windows\system32\drivers\ipmmlu2k.sys [2007-10-5 23471]
    S3 PAC7311;Trust Webcam 14839;c:\windows\system32\drivers\PA707UCM.SYS [2005-10-18 154752]
    S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2006-11-2 7168]
    S3 TmPfw;OfficeScan NT Firewall;c:\program files\trend micro\officescan client\TmPfw.exe [2011-3-22 497080]
    .
    =============== Created Last 30 ================
    .
    2011-04-07 19:20:43 -------- d-----w- C:\07-04-2011
    2011-04-07 17:14:23 -------- d-----w- C:\465ef7c9979fdd630b8663b3d1f344
    2011-04-07 17:14:00 -------- d-----w- C:\3fd0b12938f2e7cef987bac56edb54c4
    2011-04-07 15:36:26 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{8ec394e5-240d-4f60-a257-72a81293d468}\mpengine.dll
    2011-04-05 14:48:26 -------- d-----w- c:\windows\pss
    2011-04-02 17:20:47 -------- d-----w- c:\users\r8413~1.tro\appdata\roaming\Xoovy
    2011-04-02 15:20:25 -------- d-----w- C:\Windows Repair
    2011-03-29 21:26:33 102400 ----a-w- c:\windows\RegBootClean.exe
    2011-03-22 09:22:29 -------- d-----w- c:\windows\system32\log
    2011-03-22 09:20:46 57424 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
    2011-03-22 09:20:12 67664 ----a-w- c:\windows\system32\drivers\tmactmon.sys
    2011-03-21 17:29:47 -------- d--h--w- c:\program files\Uninstall ModuliControlloCSO2011
    .
    ==================== Find3M ====================
    .
    2011-04-06 09:06:02 11264 ----a-w- c:\windows\DCEBoot.exe
    2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6000 Disk: Hitachi_ rev.BBFO -> Harddisk0\DR0 -> \Device\Ide\iaStor0
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys >>UNKNOWN [0x87213439]<<
    c:\windows\system32\drivers\hpdskflt.sys Hewlett-Packard Mobile Data Protection System
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x872197d0]; MOV EAX, [0x8721984c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x82C27F3B] -> \Device\Harddisk0\DR0[0x86C7AAD8]
    3 nt[0x82CB07E2] -> ntkrnlpa!IofCallDriver[0x82C27F3B] -> [0x86B774B0]
    5 hpdskflt[0x8309A090] -> ntkrnlpa!IofCallDriver[0x82C27F3B] -> [0x85ADBC20]
    7 acpi[0x8044D32A] -> ntkrnlpa!IofCallDriver[0x82C27F3B] -> [0x85AC0028]
    \Driver\iaStor[0x871FFF38] -> IRP_MJ_CREATE -> 0x87213439
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskHitachi_HTS542525K9SA00_________________BBFOC32P#4&af4b668&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi -> 0x85a151f8
    user != kernel MBR !!!
    sectors 488397166 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
    .
    ============= FINISH: 21.33.21,35 ===============
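As an added triage example (hypothetical code written for this thread, not part of DDS, GMER or the forum's own tooling), the script below parses the SERVICES / DRIVERS and ROOTKIT sections of a DDS log like the one above. It groups service entries by image path and reports images DDS could not stat (`[?]`), one image registered under many service names, service names assembled from other service names in the same log, and GMER's user/kernel MBR mismatch lines; the sample input is a constructed excerpt of the log posted above.

```python
"""Triage helper for the SERVICES / DRIVERS and ROOTKIT sections of a DDS log.

Hypothetical example for this thread; not code from DDS, GMER or the forum.
DDS service lines look like 'Sn name;display name;image path [date size]',
or '... path --> path [?]' when DDS could not find the image on disk.
"""
import re
from collections import OrderedDict

# Constructed sample: a handful of lines excerpted from the DDS log posted above.
SAMPLE_DDS = r"""
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 26168]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-11-6 2011944]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-7-23 447848]
R2 ASBroker;Operatore della sessione di accesso;c:\windows\system32\svchost.exe -k Cognizance [2006-11-2 22016]
R2 ASChannel;Canale di comunicazione locale;c:\windows\system32\svchost.exe -k Cognizance [2006-11-2 22016]
S2 ALGodserv;Servizio Gateway di livello applicazione ALGodserv;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 hpsrvTeamViewer5;HP Service hpsrvTeamViewer5;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 hpsrvSSDPSRV;HP Service hpsrvSSDPSRV;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 sftlistServiceLayer;Application Virtualization Client sftlistServiceLayer;c:\windows\system32\apdsl.exe srv --> c:\windows\system32\apdsl.exe srv [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-11 136176]
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
"""

SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
MBR_RE = re.compile(r"user\s*!=\s*kernel")   # GMER's user-mode vs kernel-mode MBR comparison


def parse_service_line(line):
    """Parse one DDS service/driver line; return a dict, or None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith("[?]")               # DDS marker: image file not found on disk
    path = rest.split(" --> ")[0]                # drop the repeated path DDS adds for missing images
    path = re.sub(r"\s*\[[^\]]*\]$", "", path)   # drop the trailing [date size] / [?] field
    low = path.lower()
    # Keep only the image itself, dropping arguments such as '-k Cognizance' or 'srv'.
    end = max(low.find(".exe"), low.find(".sys"))
    image = low[: end + 4] if end != -1 else low
    return {"state": m.group("state"), "name": m.group("name").strip(),
            "display": m.group("display"), "image": image, "missing": missing}


def triage_dds(lines, max_names_per_image=3):
    """Group service lines by image and return the findings a triager wants to see first."""
    services = [s for s in (parse_service_line(l) for l in lines) if s]
    by_image = OrderedDict()
    for s in services:
        by_image.setdefault(s["image"], []).append(s["name"])

    missing = [s["name"] for s in services if s["missing"]]

    # Many distinct services registered for one image is unusual, except for
    # svchost.exe, which legitimately hosts many services and is excluded here.
    shared = {img: names for img, names in by_image.items()
              if len(names) > max_names_per_image and not img.endswith("svchost.exe")}

    # Service names with an existing image, longest first so the longest prefix
    # wins; only names present in this log are used, nothing is hard-coded.
    known = sorted((s["name"] for s in services if not s["missing"]), key=len, reverse=True)
    composite = []
    for name in missing:
        for k in known:
            if len(k) >= 4 and len(name) > len(k) and name.lower().startswith(k.lower()):
                composite.append(name)   # e.g. 'hpsrv' + 'TeamViewer5'
                break

    mbr_lines = [l.strip() for l in lines if MBR_RE.search(l)]
    return {"missing_image": missing, "shared_image": shared,
            "composite_names": composite, "mbr_lines": mbr_lines}


if __name__ == "__main__":
    for key, value in triage_dds(SAMPLE_DDS.splitlines()).items():
        print(f"{key}: {value}")
```

Run against a full DDS log, the prefix check will also flag the occasional legitimate name that happens to extend another, so treat its output as a shortlist for manual review rather than a verdict.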

  2. #2
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    IMPORTANT: I notice there are signs of one or more P2P (peer-to-peer) file-sharing programs on your computer.

    µTorrent
    eMule


    I'd like you to read this thread.

    Uninstall the programs listed above (in red). When ready, post fresh dds logs.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Due to inactivity, this thread will now be closed.

    Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

    If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.
