Perdonami, questo è il log corretto:
[quote]GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-02-19 13:11:35
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT a347bus.sys ZwClose
SSDT a347bus.sys ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT a347bus.sys ZwEnumerateKey
SSDT a347bus.sys ZwEnumerateValueKey
SSDT a347bus.sys ZwOpenFile
SSDT a347bus.sys ZwOpenKey
SSDT a347bus.sys ZwQueryKey
SSDT a347bus.sys ZwQueryValueKey
SSDT a347bus.sys ZwSetSystemPowerState
---- Devices - GMER 1.0.12 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 867E2328
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 860A5AB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 860A5AB8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 86246260
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 860A5AB8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 860A5AB8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE_NAMED_PIPE 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLOSE 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_READ 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_WRITE 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_INFORMATION 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_INFORMATION 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_EA 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_EA 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_FLUSH_BUFFERS 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_VOLUME_INFORMATION 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_VOLUME_INFORMATION 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DIRECTORY_CONTROL 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_FILE_SYSTEM_CONTROL 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CONTROL 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SHUTDOWN 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_LOCK_CONTROL 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLEANUP 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE_MAILSLOT 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_SECURITY 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_SECURITY 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_POWER 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SYSTEM_CONTROL 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CHANGE 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_QUOTA 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_QUOTA 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_PNP 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_READ 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 860E62A8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 860E62A8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 860E62A8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 860E62A8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 860E62A8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 860E62A8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 860E62A8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 860E62A8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 860E62A8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 860E62A8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 860E62A8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 860E62A8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 860E62A8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 860E62A8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 860E62A8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 860E62A8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 860E62A8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 860E62A8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 860E62A8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 860E62A8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 860E62A8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 860E62A8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT