Problem z menedzerem zadan

No, zrobilem -

GMER 1.0.10.10122 - http://www.gmer.net

Rootkit 2006-07-25 14:41:40

Windows 5.1.2600 Dodatek Service Pack. 1



---- System - GMER 1.0.10 ----


SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwClose

SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort

SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwCreateKey

SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess

SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx

SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwCreateSymbolicLinkObject

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwCreateThread

SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwDeleteKey

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwDeleteValueKey

SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwEnumerateKey

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwEnumerateValueKey

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwFlushKey

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwInitializeRegistry

SSDT \SystemRoot\System32\vsdatant.sys ZwLoadDriver

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwLoadKey

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwLoadKey2

SSDT \SystemRoot\System32\vsdatant.sys ZwMapViewOfSection

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwNotifyChangeKey

SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwOpenKey

SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwOpenSection

SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwQueryKey

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwQueryMultipleValueKey

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwQuerySystemInformation

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwQueryValueKey

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwReplaceKey

SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwRestoreKey

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwResumeThread

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwSaveKey

SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwSetContextThread

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwSetInformationFile

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwSetInformationKey

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwSetInformationProcess

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwSetSecurityObject

SSDT \SystemRoot\System32\vsdatant.sys ZwSetSystemInformation

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwSetValueKey

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwSuspendThread

SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess

SSDT \SystemRoot\System32\vsdatant.sys ZwUnloadDriver

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwUnloadKey

SSDT \??\D:\WINDOW\System32\drivers\klif.sys ZwWriteVirtualMemory

SSDT \??\D:\WINDOW\System32\drivers\klif.sys SSDT[284]

SSDT \??\D:\WINDOW\System32\drivers\klif.sys SSDT[285]

SSDT \??\D:\WINDOW\System32\drivers\klif.sys SSDT[286]

SSDT \??\D:\WINDOW\System32\drivers\klif.sys SSDT[287]

SSDT \??\D:\WINDOW\System32\drivers\klif.sys SSDT[288]

SSDT \??\D:\WINDOW\System32\drivers\klif.sys SSDT[289]

SSDT \??\D:\WINDOW\System32\drivers\klif.sys SSDT[290]

SSDT \??\D:\WINDOW\System32\drivers\klif.sys SSDT[291]

SSDT \??\D:\WINDOW\System32\drivers\klif.sys SSDT[292]

SSDT \??\D:\WINDOW\System32\drivers\klif.sys SSDT[293]

SSDT \??\D:\WINDOW\System32\drivers\klif.sys SSDT[294]

SSDT \??\D:\WINDOW\System32\drivers\klif.sys SSDT[295]

SSDT \??\D:\WINDOW\System32\drivers\klif.sys SSDT[296]


---- Devices - GMER 1.0.10 ----


Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 81F9D0E8

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F52B0230] vsdatant.sys

Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSEIRP_MJ_READ [F52B0230] vsdatant.sys

Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F52B0230] vsdatant.sys

Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F52B0230] vsdatant.sys

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F52B0230] vsdatant.sys

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 81FE77C0

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 81FE77C0

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 81FE77C0

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 81FE77C0

Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F52B0230] vsdatant.sys

Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSEIRP_MJ_READ [F52B0230] vsdatant.sys

Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F52B0230] vsdatant.sys

Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F52B0230] vsdatant.sys

Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F52B0230] vsdatant.sys

Device \Driver\00000150 \Device\00000049 IRP_MJ_SYSTEM_CONTROL [F8382A26] sptd.sys

Device \Driver\00000150 \Device\00000049 IRP_MJ_DEVICE_CHANGE [F8396BD8] sptd.sys

Device \Driver\00000150 \Device\00000049 IRP_MJ_PNP_POWER [F838F54E] sptd.sys

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 81FE7A78

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 81FE7A78

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 81B28CA0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSEIRP_MJ_READ 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 819AAEB0

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_PNP 819AAEB0

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 81FE7A78

Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE 81FE7A78

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 81E68390

Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F52B0230] vsdatant.sys

Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSEIRP_MJ_READ [F52B0230] vsdatant.sys

Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F52B0230] vsdatant.sys

Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F52B0230] vsdatant.sys

Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F52B0230] vsdatant.sys

Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F52B0230] vsdatant.sys

Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSEIRP_MJ_READ [F52B0230] vsdatant.sys

Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F52B0230] vsdatant.sys

Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F52B0230] vsdatant.sys

Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F52B0230] vsdatant.sys

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 81FE7250


---- Files - GMER 1.0.10 ----


File D:\System Volume Information\tracking.log                                    

File D:\System Volume Information\_restore{70FBFADF-CFA3-4561-966B-6633922E5257}  

File D:\System Volume Information\_restore{799E2F10-D6DD-4D04-99AB-FE59D64B499B}  

File D:\System Volume Information\_restore{85D76733-A4DD-4C85-B5DA-2267FE690FBF}  


---- EOF - GMER 1.0.10 ----

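W logu czysto - wpisy SSDT wskazuja na klif.sys (Kaspersky) i vsdatant.sys (ZoneAlarm), a w sekcji Devices widac jeszcze sptd.sys (sterownik SPTD, uzywany m.in. przez Daemon Tools), czyli wyglada to na hooki zainstalowanych programow ochronnych i emulatora napedow. Sama nazwa pliku niczego nie dowodzi, wiec warto jeszcze potwierdzic sciezke i podpis cyfrowy tych sterownikow.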

Kurde, to ki czort sie stal z moim menedzerem? Jak go uruchomie, to proces pojawia sie w GMER-ze, ale okienko sie nie otwiera…

Złączono Posta : 25.07.2006 (Wto) 16:11

Jak bys mial jeszcze jakis pomysl, to daj znac, bo na mysl o reinstalowaniu Windowsa robi mi sie slabo.

Złączono Posta : 26.07.2006 (Sro) 11:20

A nie wiecie, co to jest ten wpis ms22? Czy poza tym, ze nie mam menedzera, moze to powodowac jakies uszkodzenia? Sprawdzilem juz Ad-Aware'em, Spybotem, Spyware Doctorem, mks_virem i Kasperskym i nic nie wykrywaja.