Ecco il log fatto con GMER:
SSDT a347bus.sys ZwClose
SSDT a347bus.sys ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT a347bus.sys ZwEnumerateKey
SSDT a347bus.sys ZwEnumerateValueKey
SSDT a347bus.sys ZwOpenFile
SSDT a347bus.sys ZwOpenKey
SSDT a347bus.sys ZwQueryKey
SSDT a347bus.sys ZwQueryValueKey
SSDT a347bus.sys ZwSetSystemPowerState
---- User code sections - GMER 1.0.13 ----
.text C:\windows\Explorer.EXE[1008] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes PUSH 022B20A7; RET
.text C:\windows\Explorer.EXE[1008] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 022B2498; RET
.text C:\windows\Explorer.EXE[1008] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes PUSH 022B279E; RET
.text C:\Programmi\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe[1284] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, A7, 20, 9E ]
.text C:\Programmi\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe[1284] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\Programmi\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe[1284] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 98, 24, 9E ]
.text C:\Programmi\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe[1284] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\Programmi\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe[1284] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 9E, 27, 9E ]
.text C:\Programmi\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe[1284] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\windows\SOUNDMAN.EXE[1324] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, A7, 20, BE ]
.text C:\windows\SOUNDMAN.EXE[1324] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\windows\SOUNDMAN.EXE[1324] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 98, 24, BE ]
.text C:\windows\SOUNDMAN.EXE[1324] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\windows\SOUNDMAN.EXE[1324] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 9E, 27, BE ]
.text C:\windows\SOUNDMAN.EXE[1324] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1360] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, A7, 20, DF ]
.text C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1360] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1360] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 98, 24, DF ]
.text C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1360] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1360] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 9E, 27, DF ]
.text C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1360] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\Programmi\Logitech\iTouch\iTouch.exe[1372] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, A7, 20, F2 ]
.text C:\Programmi\Logitech\iTouch\iTouch.exe[1372] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\Programmi\Logitech\iTouch\iTouch.exe[1372] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 98, 24, F2 ]
.text C:\Programmi\Logitech\iTouch\iTouch.exe[1372] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\Programmi\Logitech\iTouch\iTouch.exe[1372] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 9E, 27, F2 ]
.text C:\Programmi\Logitech\iTouch\iTouch.exe[1372] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[1380] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, A7, 20, 9C ]
.text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[1380] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[1380] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 98, 24, 9C ]
.text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[1380] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[1380] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 9E, 27, 9C ]
.text C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe[1380] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\windows\system32\ctfmon.exe[1504] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, A7, 20, 9D ]
.text C:\windows\system32\ctfmon.exe[1504] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\windows\system32\ctfmon.exe[1504] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 98, 24, 9D ]
.text C:\windows\system32\ctfmon.exe[1504] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\windows\system32\ctfmon.exe[1504] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 9E, 27, 9D ]
.text C:\windows\system32\ctfmon.exe[1504] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1512] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes PUSH 010520A7; RET
.text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1512] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 01052498; RET
.text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1512] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes PUSH 0105279E; RET
.text C:\Programmi\Messenger\msmsgs.exe[1516] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, A7, 20, D2 ]
.text C:\Programmi\Messenger\msmsgs.exe[1516] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\Programmi\Messenger\msmsgs.exe[1516] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 98, 24, D2 ]
.text C:\Programmi\Messenger\msmsgs.exe[1516] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\Programmi\Messenger\msmsgs.exe[1516] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 9E, 27, D2 ]
.text C:\Programmi\Messenger\msmsgs.exe[1516] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes PUSH 01DF20A7; RET
.text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 01DF2498; RET
.text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2064] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes PUSH 01DF279E; RET
.text C:\Programmi\Alice ti aiuta\bin\mpbtn.exe[2096] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, A7, 20, 9B ]
.text C:\Programmi\Alice ti aiuta\bin\mpbtn.exe[2096] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\Programmi\Alice ti aiuta\bin\mpbtn.exe[2096] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 98, 24, 9B ]
.text C:\Programmi\Alice ti aiuta\bin\mpbtn.exe[2096] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\Programmi\Alice ti aiuta\bin\mpbtn.exe[2096] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 9E, 27, 9B ]
.text C:\Programmi\Alice ti aiuta\bin\mpbtn.exe[2096] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[2760] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, A7, 20, D5 ]
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[2760] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
---- Modules - GMER 1.0.13 ----
Module _________ F8450000-F8468000 (98304 bytes)
---- Processes - GMER 1.0.13 ----
Process C:\windows\svchost.exe (*** hidden *** ) 1272
---- Registry - GMER 1.0.13 ----
Reg \Registry\MACHINE\SOFTWARE\5T19I3B27A
Reg \Registry\MACHINE\SOFTWARE\5T19I3B27A@5T19I3B27A 0x41 0xE8 0x7B 0xAF ...
Reg \Registry\MACHINE\SOFTWARE\5T19I3B27A@5T19I3B27A 0x41 0xE8 0x7B 0xAF ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run@5T19I3B27A C:\windows\svchost.exe
Reg \Registry\USER\S-1-5-21-854245398-2000478354-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{13F87D87-73A0-207F-839D-5869BA8CB961}@jacnafjichepphgoidgp 0x6B 0x61 0x6A 0x69 ...
Reg \Registry\USER\S-1-5-21-854245398-2000478354-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{13F87D87-73A0-207F-839D-5869BA8CB961}@iamokclkmhkjejajde 0x6B 0x61 0x6A 0x69 ...
---- EOF - GMER 1.0.13 ----