Done.
This is the Avenger log:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\fykrdkw^
*******************
Script file located at: \??\C:\Documents and Settings\tcsfdbrw.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Folder C:\windows\temp deleted successfully.
File C:\WINDOWS\systpro32.exe deleted successfully.
File C:\WINDOWS\winhp32.exe deleted successfully.
File C:\WINDOWS\systempro32.dll deleted successfully.
File C:\WINDOWS\msscds32.dll deleted successfully.
File C:\WINDOWS\winmoprp.dll deleted successfully.
File C:\WINDOWS\services.exe deleted successfully.
File C:\WINDOWS\system32\wincom32.sys deleted successfully.
File C:\WINDOWS\system32\sfxzmtsmt.dll deleted successfully.
File C:\WINDOWS\system32\sfxzmtwbmail.dll deleted successfully.
File C:\WINDOWS\system32\sfxzmtsmtspm.dll deleted successfully.
File C:\WINDOWS\system32\pfxzmtgtal.dll deleted successfully.
File C:\WINDOWS\system32\pfxzmticq.dll deleted successfully.
File C:\WINDOWS\system32\pfxzmtaim.dll deleted successfully.
File C:\WINDOWS\system32\pfxzmtforum.dll deleted successfully.
File C:\WINDOWS\system32\pfxzmtsmt.dll deleted successfully.
File C:\WINDOWS\system32\pfxzmtwbmail.dll deleted successfully.
File C:\WINDOWS\system32\pfxzmtymsg.dll deleted successfully.
File C:\WINDOWS\system32\pfxzmtsmtspm.dll deleted successfully.
File C:\WINDOWS\system32\sfxzmtforum.dll deleted successfully.
File C:\WINDOWS\system32\cent.exe deleted successfully.
File C:\WINDOWS\system32\zup.exe.exe deleted successfully.
File C:\WINDOWS\system32\pdp.exe.exe deleted successfully.
File C:\WINDOWS\system32\win_87s.exe deleted successfully.
File C:\WINDOWS\system32\3ti.exe deleted successfully.
File C:\WINDOWS\system32\svch5v.dll deleted successfully.
File C:\WINDOWS\system32\3ti.exe.exe deleted successfully.
File C:\WINDOWS\system32\pkja.exe deleted successfully.
File C:\WINDOWS\system32\sysbus2.sys deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|1 deleted successfully.
Completed script processing.
*******************
...and this is the GMER one:
GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-04-18 14:50:59
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT a347bus.sys ZwClose
SSDT a347bus.sys ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT \??\C:\WINDOWS\system32\windev-2eb6-1448.sys ZwEnumerateKey <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\windev-2eb6-1448.sys ZwEnumerateValueKey <-- ROOTKIT !!!
SSDT a347bus.sys ZwOpenFile
SSDT a347bus.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\windev-2eb6-1448.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
SSDT a347bus.sys ZwQueryKey
SSDT a347bus.sys ZwQueryValueKey
SSDT a347bus.sys ZwSetSystemPowerState
---- Kernel code sections - GMER 1.0.12 ----
? mpbkohbf.sys Impossibile trovare il file specificato.
? C:\WINDOWS\system32\DRIVERS\update.sys
---- User code sections - GMER 1.0.12 ----
.text C:\WINDOWS\explorer.exe[1444] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 51981D1D C:\PROGRA~1\DVDIDL~1\DVDShell.dll
---- Devices - GMER 1.0.12 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 86740290
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 85FE0438
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [A7D457A0] windev-2eb6-1448.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [A7D457A0] windev-2eb6-1448.sys
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E26D0A30
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CLOSE E26D0A30
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_DEVICE_CONTROL E26D0A30
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 85F50210
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 85F50210
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 85FFCD20
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 85F50210
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 85F50210
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_CREATE 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_CREATE_NAMED_PIPE 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_CLOSE 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_READ 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_WRITE 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_QUERY_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_SET_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_QUERY_EA 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_SET_EA 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_FLUSH_BUFFERS 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_QUERY_VOLUME_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_SET_VOLUME_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_DIRECTORY_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_FILE_SYSTEM_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_DEVICE_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_INTERNAL_DEVICE_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_SHUTDOWN 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_LOCK_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_CLEANUP 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_CREATE_MAILSLOT 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_QUERY_SECURITY 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_SET_SECURITY 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_POWER 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_SYSTEM_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_DEVICE_CHANGE 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_QUERY_QUOTA 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_SET_QUOTA 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-13 IRP_MJ_PNP 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_CREATE 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_CREATE_NAMED_PIPE 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_CLOSE 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_READ 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_WRITE 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_QUERY_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_SET_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_QUERY_EA 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_SET_EA 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_FLUSH_BUFFERS 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_QUERY_VOLUME_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_SET_VOLUME_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_DIRECTORY_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_FILE_SYSTEM_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_DEVICE_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_INTERNAL_DEVICE_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_SHUTDOWN 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_LOCK_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_CLEANUP 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_CREATE_MAILSLOT 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_QUERY_SECURITY 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_SET_SECURITY 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_POWER 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_SYSTEM_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_DEVICE_CHANGE 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_QUERY_QUOTA 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_SET_QUOTA 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-1b IRP_MJ_PNP 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 85F77008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 85F77008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE_NAMED_PIPE 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLOSE 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_READ 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_WRITE 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_EA 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_EA 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_FLUSH_BUFFERS 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_VOLUME_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_VOLUME_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DIRECTORY_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_FILE_SYSTEM_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_INTERNAL_DEVICE_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SHUTDOWN 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_LOCK_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLEANUP 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE_MAILSLOT 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_SECURITY 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_SECURITY 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_POWER 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SYSTEM_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CHANGE 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_QUOTA 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_QUOTA 85F77008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_PNP 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_CREATE 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_CREATE_NAMED_PIPE 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_CLOSE 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_READ 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_WRITE 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_QUERY_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_SET_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_QUERY_EA 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_SET_EA 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_FLUSH_BUFFERS 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_QUERY_VOLUME_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_SET_VOLUME_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_DIRECTORY_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_FILE_SYSTEM_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_DEVICE_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_INTERNAL_DEVICE_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_SHUTDOWN 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_LOCK_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_CLEANUP 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_CREATE_MAILSLOT 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_QUERY_SECURITY 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_SET_SECURITY 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_POWER 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_SYSTEM_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_DEVICE_CHANGE 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_QUERY_QUOTA 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_SET_QUOTA 85F77008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-5 IRP_MJ_PNP 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE_NAMED_PIPE 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CLOSE 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_READ 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_WRITE 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_EA 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_EA 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_FLUSH_BUFFERS 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_VOLUME_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_VOLUME_INFORMATION 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DIRECTORY_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_FILE_SYSTEM_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DEVICE_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_INTERNAL_DEVICE_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SHUTDOWN 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_LOCK_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CLEANUP 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE_MAILSLOT 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_SECURITY 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_SECURITY 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_POWER 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SYSTEM_CONTROL 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DEVICE_CHANGE 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_QUOTA 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_QUOTA 85F77008
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_PNP 85F77008
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E14EEC18
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CLOSE E14EEC18
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_DEVICE_CONTROL E14EEC18
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 85EFA7C0
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [A7D457A0] windev-2eb6-1448.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [A7D457A0] windev-2eb6-1448.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 86297F20
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [A7D457A0] windev-2eb6-1448.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 86297F20
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 860B4B50
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 860B3FB0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AE8661] prosync1.sys
Device \Driver\SI3132 \Device\Scsi\SI31321 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AE8661] prosync1.sys
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 85FE0438
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 860866E0
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 860866E0
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 860866E0
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 860866E0
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 860866E0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 862009D0
---- Modules - GMER 1.0.12 ----
Module _________ F743D000-F7455000 (98304 bytes)
---- Services - GMER 1.0.12 ----
Service C:\WINDOWS\system32\windev-2eb6-1448.sys (*** hidden *** ) [AUTO] windev-2eb6-1448 <-- ROOTKIT !!!
---- Registry - GMER 1.0.12 ----
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-232B-51DE
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-232B-51DE@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-2EB6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-2EB6-1448@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@Service windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@DeviceDesc windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@Service windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@DeviceDesc windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000\Control@ActiveService windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@Service windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@DeviceDesc windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-2EB6-1448@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-345F-5360
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-345F-5360@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-3E5B-385A
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-3E5B-385A@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-3F2-53F2
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-3F2-53F2@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448@Start 2
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448@ErrorControl 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448@ImagePath \??\C:\WINDOWS\system32\windev-2eb6-1448.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448@DisplayName windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448@ImagePath \??\C:\WINDOWS\system32\windev-2eb6-1448.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448@DisplayName windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448@ImagePath \??\C:\WINDOWS\system32\windev-2eb6-1448.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448@DisplayName windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448\Enum@0 Root\LEGACY_WINDEV-2EB6-1448\0000
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448@ImagePath \??\C:\WINDOWS\system32\windev-2eb6-1448.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-2eb6-1448@DisplayName windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-232B-51DE
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-232B-51DE@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-2EB6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-2EB6-1448@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@Service windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@DeviceDesc windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@Service windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@DeviceDesc windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-2EB6-1448@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-345F-5360
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-345F-5360@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-3E5B-385A
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-3E5B-385A@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-3F2-53F2
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDEV-3F2-53F2@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\windev-2eb6-1448@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\windev-2eb6-1448@Start 2
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\windev-2eb6-1448@ErrorControl 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\windev-2eb6-1448@ImagePath \??\C:\WINDOWS\system32\windev-2eb6-1448.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\windev-2eb6-1448@DisplayName windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\windev-2eb6-1448@ImagePath \??\C:\WINDOWS\system32\windev-2eb6-1448.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\windev-2eb6-1448@DisplayName windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\windev-2eb6-1448@ImagePath \??\C:\WINDOWS\system32\windev-2eb6-1448.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\windev-2eb6-1448@DisplayName windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-232B-51DE
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-232B-51DE@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-2EB6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-2EB6-1448@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@Service windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@DeviceDesc windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@Service windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@DeviceDesc windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000\Control@ActiveService windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@Service windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-2EB6-1448\0000@DeviceDesc windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-2EB6-1448@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-345F-5360
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-345F-5360@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-3E5B-385A
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-3E5B-385A@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-3F2-53F2
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-3F2-53F2@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448@Type 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448@Start 2
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448@ErrorControl 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448@ImagePath \??\C:\WINDOWS\system32\windev-2eb6-1448.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448@DisplayName windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448@ImagePath \??\C:\WINDOWS\system32\windev-2eb6-1448.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448@DisplayName windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448@ImagePath \??\C:\WINDOWS\system32\windev-2eb6-1448.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448@DisplayName windev-2eb6-1448
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448\Enum@0 Root\LEGACY_WINDEV-2EB6-1448\0000
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448@ImagePath \??\C:\WINDOWS\system32\windev-2eb6-1448.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-2eb6-1448@DisplayName windev-2eb6-1448
---- Files - GMER 1.0.12 ----
File C:\WINDOWS\system32\windev-2eb6-1448.sys <-- ROOTKIT !!!
File C:\WINDOWS\system32\windev-peers.ini
---- EOF - GMER 1.0.12 ----
If there is anything else to do I'll wait for the next instructions; in the meantime I'll see how the PC behaves.