Salve ragazzi, notate qualcosa che non va nel mio log?
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2007-03-04 21:17:43
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.10 ----
SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey
---- Devices - GMER 1.0.10 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 867C8EB0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 867C9788
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 867C9788
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 867C9788
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 867C9788
Device \Driver\00000041 \Device\00000046 IRP_MJ_SYSTEM_CONTROL [F7414A26] sptd.sys
Device \Driver\00000041 \Device\00000046 IRP_MJ_DEVICE_CHANGE [F7428BD8] sptd.sys
Device \Driver\00000041 \Device\00000046 IRP_MJ_PNP_POWER [F742154E] sptd.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{93F170FC-74C1-45E0-841B-AEBA36FF1ED8} IRP_MJ_CREATE 85314810
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 867C9A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 867C9A40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8674ED38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSEIRP_MJ_READ 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 85314EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_PNP 85314EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8674ED38
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 85314810
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 85314810
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 867C80E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSEIRP_MJ_READ 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 85338C38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP_POWER 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSEIRP_MJ_READ 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 85338C38
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP_POWER 85338C38
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 853B1100
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 853B1100
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSEIRP_MJ_READ 853B1100
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 853B1100
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 853B1100
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 853B1100
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_EA 853B1100
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 867C9A40
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 85FF7C58
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 8674BA18
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 8674BA18
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 851ABD18
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 85315AB8
---- Files - GMER 1.0.10 ----
File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File D:\System Volume Information\MountPointManagerRemoteDatabase
File D:\System Volume Information\tracking.log
---- EOF - GMER 1.0.10 ----