Thread: Hit by PestTrap
10-01-2006, 06:03 PM   #9
yahoot
Registered User
 
Join Date: Sep 2006
Posts: 23
OS: WinXP SP2


Done:

10/01/06 19:13:51 [Info]: BlackLight Engine 1.0.47 initialized
10/01/06 19:13:51 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/01/06 19:13:52 [Note]: 7019 4
10/01/06 19:13:52 [Note]: 7005 0
10/01/06 19:14:07 [Note]: 7006 0
10/01/06 19:14:08 [Note]: 7011 1256
10/01/06 19:14:08 [Note]: 7026 0
10/01/06 19:14:08 [Note]: 7026 0
10/01/06 19:14:21 [Note]: FSRAW library version 1.7.1020
10/01/06 19:26:13 [Note]: 2000 1012
10/01/06 19:27:15 [Note]: 7007 0

GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-01 19:58:54
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT \??\C:\WINNT\System32\vsdatant.sys ZwConnectPort
SSDT \??\C:\WINNT\System32\vsdatant.sys ZwCreateFile
SSDT \??\C:\WINNT\System32\vsdatant.sys ZwCreateKey
SSDT \??\C:\WINNT\System32\vsdatant.sys ZwCreatePort
SSDT \??\C:\WINNT\System32\vsdatant.sys ZwCreateProcess
SSDT \??\C:\WINNT\System32\vsdatant.sys ZwCreateProcessEx
SSDT \??\C:\WINNT\System32\vsdatant.sys ZwCreateSection
SSDT \??\C:\WINNT\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \??\C:\WINNT\System32\vsdatant.sys ZwDeleteFile
SSDT \??\C:\WINNT\System32\vsdatant.sys ZwDeleteKey
SSDT \??\C:\WINNT\System32\vsdatant.sys ZwDeleteValueKey
SSDT \??\C:\WINNT\System32\vsdatant.sys ZwDuplicateObject
SSDT \??\C:\WINNT\System32\vsdatant.sys ZwLoadKey
SSDT \??\C:\WINNT\System32\vsdatant.sys ZwOpenFile
SSDT \??\C:\WINNT\System32\vsdatant.sys ZwOpenProcess
SSDT \??\C:\WINNT\System32\vsdatant.sys ZwOpenThread
SSDT \??\C:\WINNT\System32\vsdatant.sys ZwReplaceKey
SSDT \??\C:\WINNT\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \??\C:\WINNT\System32\vsdatant.sys ZwRestoreKey
SSDT \??\C:\WINNT\System32\vsdatant.sys ZwSecureConnectPort
SSDT \??\C:\WINNT\System32\vsdatant.sys ZwSetInformationFile
SSDT \??\C:\WINNT\System32\vsdatant.sys ZwSetValueKey
SSDT \??\C:\WINNT\System32\vsdatant.sys ZwTerminateProcess

---- Devices - GMER 1.0.11 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F49A22A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F49A22A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F49A22A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F49A22A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F49A22A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F49A22A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F49A22A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F49A22A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F49A22A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F49A22A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F49A22A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F49A22A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F49A22A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F49A22A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F49A22A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F49A22A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F49A22A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F49A22A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F49A22A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F49A22A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F49A22A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [F49A22A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [F49A22A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F49A22A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [F49A22A0] vsdatant.sys

---- Files - GMER 1.0.11 ----

ADS ...
ADS D:\Local TeXMF\tex\Latex\kluwer\00readme:SummaryInformation
ADS D:\Local TeXMF\tex\Latex\kluwer\00readme:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS D:\misc\pics\0W93977.jpg:Q30lsldxJoudresxAaaqpcawXc
ADS ...

---- EOF - GMER 1.0.11 ----