Piratée!!!! :(((
Fermé
Mortiscia
Messages postés
130
Date d'inscription
dimanche 18 octobre 2009
Statut
Membre
Dernière intervention
29 juin 2012
-
18 oct. 2009 à 19:34
Mortiscia Messages postés 130 Date d'inscription dimanche 18 octobre 2009 Statut Membre Dernière intervention 29 juin 2012 - 27 déc. 2009 à 22:12
Mortiscia Messages postés 130 Date d'inscription dimanche 18 octobre 2009 Statut Membre Dernière intervention 29 juin 2012 - 27 déc. 2009 à 22:12
A voir également:
- Fantamorph vs morpheus
- Instagram piratée - Accueil - Guide piratage
- Page facebook piratée - Guide
- Comment savoir si sa box est piratée - Accueil - Maison
- Boite mail free piratée - Accueil - Piratage
- Comment savoir si ma freebox est piratée - Forum Réseau
178 réponses
Xplode
Messages postés
8820
Date d'inscription
vendredi 21 août 2009
Statut
Contributeur sécurité
Dernière intervention
2 juillet 2015
726
29 oct. 2009 à 12:00
29 oct. 2009 à 12:00
Comment se porte le PC ?
Mortiscia
Messages postés
130
Date d'inscription
dimanche 18 octobre 2009
Statut
Membre
Dernière intervention
29 juin 2012
1
30 oct. 2009 à 10:33
30 oct. 2009 à 10:33
Je n'arrive toujours pas a ouvrir mes fichiers... Désolée... :(
HELP HELP HELP!!!
Dis moi qu'il y a encore de l'espoir....
HELP HELP HELP!!!
Dis moi qu'il y a encore de l'espoir....
Xplode
Messages postés
8820
Date d'inscription
vendredi 21 août 2009
Statut
Contributeur sécurité
Dernière intervention
2 juillet 2015
726
30 oct. 2009 à 10:36
30 oct. 2009 à 10:36
-+-+-+-> RootRepeal <-+-+-+-
[x] Télécharge RootRepeal
[x] Décompresse le sur ton bureau
[x] Double clique sur rootrepeal.exe ( Clique-droit -> Executer en tant qu'administrateur ( vista ) )
[x] Clique sur l'onglet " Report " puis sur " Scan "
[x] Coche toutes les cases ( sauf SSDT ) dans la fenêtre qui s'ouvre puis sur " Ok "
[x] A la deuxième fenêtre, séléctionne ta partition système ( en général C: )
[x] Laisse le scan s'opérer, puis copie/colle le rapport qui s'ouvrira peut de temps après le scan dans ta prochaine réponse.
-+-+-+-> List&Kill'em <-+-+-+-
[x] Télécharge List&Kill'em ( de Gen-Hackman ) sur ton bureau.
[x] /!\ Désactive tes protections résidentes ( Antivirus, Pare-feu, Anti-spyware ) le temps du scan /!\
[x] Double clique sur list_killem.exe ( clique droit -> executer en tant qu'administrateur ( vista ) )
[x] Choisis l'option F ( français ) puis l'option 1 ( Recherche )
[x] Laisse le scan s'opérer, puis copie/colle le contenu du rapport qui s'ouvrira dans ton prochain message
[x] Télécharge RootRepeal
[x] Décompresse le sur ton bureau
[x] Double clique sur rootrepeal.exe ( Clique-droit -> Executer en tant qu'administrateur ( vista ) )
[x] Clique sur l'onglet " Report " puis sur " Scan "
[x] Coche toutes les cases ( sauf SSDT ) dans la fenêtre qui s'ouvre puis sur " Ok "
[x] A la deuxième fenêtre, séléctionne ta partition système ( en général C: )
[x] Laisse le scan s'opérer, puis copie/colle le rapport qui s'ouvrira peut de temps après le scan dans ta prochaine réponse.
-+-+-+-> List&Kill'em <-+-+-+-
[x] Télécharge List&Kill'em ( de Gen-Hackman ) sur ton bureau.
[x] /!\ Désactive tes protections résidentes ( Antivirus, Pare-feu, Anti-spyware ) le temps du scan /!\
[x] Double clique sur list_killem.exe ( clique droit -> executer en tant qu'administrateur ( vista ) )
[x] Choisis l'option F ( français ) puis l'option 1 ( Recherche )
[x] Laisse le scan s'opérer, puis copie/colle le contenu du rapport qui s'ouvrira dans ton prochain message
Mortiscia
Messages postés
130
Date d'inscription
dimanche 18 octobre 2009
Statut
Membre
Dernière intervention
29 juin 2012
1
30 oct. 2009 à 11:14
30 oct. 2009 à 11:14
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 10:55
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE5C0000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79E0000 Size: 8192 File Visible: No Signed: -
Status: -
Name: PCI_PNP4054
Image Path: \Driver\PCI_PNP4054
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Name: RecAgent.sys
Image Path: RecAgent.sys
Address: 0xF78BC000 Size: 14560 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB8006000 Size: 49152 File Visible: No Signed: -
Status: -
Name: spff.sys
Image Path: spff.sys
Address: 0xF729A000 Size: 1052672 File Visible: No Signed: -
Status: -
Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\WINDOWS\temp\HTT6FF.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\temp\HTT701.tmp
Status: Visible to the Windows API, but not on disk.
Path: c:\program files\sunbelt software\personal firewall\logs\debug.log.idx
Status: Size mismatch (API: 86024, Raw: 85960)
Path: c:\program files\sunbelt software\personal firewall\logs\web.log.idx
Status: Size mismatch (API: 24304, Raw: 24272)
Path: C:\Documents and Settings\moi\Local Settings\Temporary Internet Files\Content.IE5\CJZI9JHL\bind[1].htm
Status: Invisible to the Windows API!
Path: C:\Documents and Settings\moi\Local Settings\Temporary Internet Files\Content.IE5\CJZI9JHL\pl[1].htm
Status: Visible to the Windows API, but not on disk.
Path: C:\Documents and Settings\moi\Local Settings\Temporary Internet Files\Content.IE5\DCAWIG7N\pl[1].htm
Status: Invisible to the Windows API!
Path: C:\Documents and Settings\moi\Local Settings\Temporary Internet Files\Content.IE5\DCAWIG7N\bind[1].htm
Status: Visible to the Windows API, but not on disk.
Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x84bc61f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x84bc61f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84bc61f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84bc61f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x84bc61f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84bc61f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x84bc61f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x84b5b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x84b5b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x84b5b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x84b5b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84b5b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84b5b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84b5b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84b5b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x84b5b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84b5b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x84b5b1f8 Size: 121
Object: Hidden Code [Driver: usbstor, IRP_MJ_CREATE]
Process: System Address: 0x8399b1f8 Size: 121
Object: Hidden Code [Driver: usbstor, IRP_MJ_CLOSE]
Process: System Address: 0x8399b1f8 Size: 121
Object: Hidden Code [Driver: usbstor, IRP_MJ_READ]
Process: System Address: 0x8399b1f8 Size: 121
Object: Hidden Code [Driver: usbstor, IRP_MJ_WRITE]
Process: System Address: 0x8399b1f8 Size: 121
Object: Hidden Code [Driver: usbstor, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8399b1f8 Size: 121
Object: Hidden Code [Driver: usbstor, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8399b1f8 Size: 121
Object: Hidden Code [Driver: usbstor, IRP_MJ_POWER]
Process: System Address: 0x8399b1f8 Size: 121
Object: Hidden Code [Driver: usbstor, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8399b1f8 Size: 121
Object: Hidden Code [Driver: usbstor, IRP_MJ_PNP]
Process: System Address: 0x8399b1f8 Size: 121
Object: Hidden Code [Driver: Ptil, IRP_MJ_CREATE]
Process: System Address: 0x846a4500 Size: 121
Object: Hidden Code [Driver: Ptil, IRP_MJ_CLOSE]
Process: System Address: 0x846a4500 Size: 121
Object: Hidden Code [Driver: Ptil, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x846a4500 Size: 121
Object: Hidden Code [Driver: Ptil, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x846a4500 Size: 121
Object: Hidden Code [Driver: Ptil, IRP_MJ_POWER]
Process: System Address: 0x846a4500 Size: 121
Object: Hidden Code [Driver: Ptil, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x846a4500 Size: 121
Object: Hidden Code [Driver: Ptil, IRP_MJ_PNP]
Process: System Address: 0x846a4500 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System Address: 0x848f51f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System Address: 0x848f51f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x848f51f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x848f51f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System Address: 0x848f51f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x848f51f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System Address: 0x848f51f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x84bc71f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x84bc71f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x84bc71f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84bc71f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84bc71f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84bc71f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84bc71f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x84bc71f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x84bc71f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84bc71f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x84bc71f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x840871f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x840871f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x840871f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x840871f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x840871f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x840871f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x846241f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x846241f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x846241f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x846241f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x846241f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x846241f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x846241f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x846241f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x846241f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x846241f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x846241f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x848de1f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x848de1f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x848de1f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x848de1f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x848de1f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x848de1f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x848de1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_CREATE]
Process: System Address: 0x848711f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_CLOSE]
Process: System Address: 0x848711f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_READ]
Process: System Address: 0x848711f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x848711f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x848711f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x848711f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x848711f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x848711f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x848711f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_SHUTDOWN]
Process: System Address: 0x848711f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x848711f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_CLEANUP]
Process: System Address: 0x848711f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_PNP]
Process: System Address: 0x848711f8 Size: 121
==EOF==
==================================================
Scan Start Time: 2009/10/30 10:55
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE5C0000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79E0000 Size: 8192 File Visible: No Signed: -
Status: -
Name: PCI_PNP4054
Image Path: \Driver\PCI_PNP4054
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Name: RecAgent.sys
Image Path: RecAgent.sys
Address: 0xF78BC000 Size: 14560 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB8006000 Size: 49152 File Visible: No Signed: -
Status: -
Name: spff.sys
Image Path: spff.sys
Address: 0xF729A000 Size: 1052672 File Visible: No Signed: -
Status: -
Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\WINDOWS\temp\HTT6FF.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\temp\HTT701.tmp
Status: Visible to the Windows API, but not on disk.
Path: c:\program files\sunbelt software\personal firewall\logs\debug.log.idx
Status: Size mismatch (API: 86024, Raw: 85960)
Path: c:\program files\sunbelt software\personal firewall\logs\web.log.idx
Status: Size mismatch (API: 24304, Raw: 24272)
Path: C:\Documents and Settings\moi\Local Settings\Temporary Internet Files\Content.IE5\CJZI9JHL\bind[1].htm
Status: Invisible to the Windows API!
Path: C:\Documents and Settings\moi\Local Settings\Temporary Internet Files\Content.IE5\CJZI9JHL\pl[1].htm
Status: Visible to the Windows API, but not on disk.
Path: C:\Documents and Settings\moi\Local Settings\Temporary Internet Files\Content.IE5\DCAWIG7N\pl[1].htm
Status: Invisible to the Windows API!
Path: C:\Documents and Settings\moi\Local Settings\Temporary Internet Files\Content.IE5\DCAWIG7N\bind[1].htm
Status: Visible to the Windows API, but not on disk.
Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x84bc51f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x8395b1f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x84bc61f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x84bc61f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84bc61f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84bc61f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x84bc61f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84bc61f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x84bc61f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x84b5b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x84b5b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x84b5b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x84b5b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84b5b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84b5b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84b5b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84b5b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x84b5b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84b5b1f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x84b5b1f8 Size: 121
Object: Hidden Code [Driver: usbstor, IRP_MJ_CREATE]
Process: System Address: 0x8399b1f8 Size: 121
Object: Hidden Code [Driver: usbstor, IRP_MJ_CLOSE]
Process: System Address: 0x8399b1f8 Size: 121
Object: Hidden Code [Driver: usbstor, IRP_MJ_READ]
Process: System Address: 0x8399b1f8 Size: 121
Object: Hidden Code [Driver: usbstor, IRP_MJ_WRITE]
Process: System Address: 0x8399b1f8 Size: 121
Object: Hidden Code [Driver: usbstor, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8399b1f8 Size: 121
Object: Hidden Code [Driver: usbstor, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8399b1f8 Size: 121
Object: Hidden Code [Driver: usbstor, IRP_MJ_POWER]
Process: System Address: 0x8399b1f8 Size: 121
Object: Hidden Code [Driver: usbstor, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8399b1f8 Size: 121
Object: Hidden Code [Driver: usbstor, IRP_MJ_PNP]
Process: System Address: 0x8399b1f8 Size: 121
Object: Hidden Code [Driver: Ptil, IRP_MJ_CREATE]
Process: System Address: 0x846a4500 Size: 121
Object: Hidden Code [Driver: Ptil, IRP_MJ_CLOSE]
Process: System Address: 0x846a4500 Size: 121
Object: Hidden Code [Driver: Ptil, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x846a4500 Size: 121
Object: Hidden Code [Driver: Ptil, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x846a4500 Size: 121
Object: Hidden Code [Driver: Ptil, IRP_MJ_POWER]
Process: System Address: 0x846a4500 Size: 121
Object: Hidden Code [Driver: Ptil, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x846a4500 Size: 121
Object: Hidden Code [Driver: Ptil, IRP_MJ_PNP]
Process: System Address: 0x846a4500 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System Address: 0x848f51f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System Address: 0x848f51f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x848f51f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x848f51f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System Address: 0x848f51f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x848f51f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System Address: 0x848f51f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x84bc71f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x84bc71f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x84bc71f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84bc71f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84bc71f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84bc71f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84bc71f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x84bc71f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x84bc71f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84bc71f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x84bc71f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x840871f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x840871f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x840871f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x840871f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x840871f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x840871f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x846241f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x846241f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x846241f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x846241f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x846241f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x846241f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x846241f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x846241f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x846241f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x846241f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x846241f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x848de1f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x848de1f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x848de1f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x848de1f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x848de1f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x848de1f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x848de1f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x846f0500 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_CREATE]
Process: System Address: 0x848711f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_CLOSE]
Process: System Address: 0x848711f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_READ]
Process: System Address: 0x848711f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x848711f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x848711f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x848711f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x848711f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x848711f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x848711f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_SHUTDOWN]
Process: System Address: 0x848711f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x848711f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_CLEANUP]
Process: System Address: 0x848711f8 Size: 121
Object: Hidden Code [Driver: CdfsЅఅ浗灩ACPIMOFResou, IRP_MJ_PNP]
Process: System Address: 0x848711f8 Size: 121
==EOF==
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Mortiscia
Messages postés
130
Date d'inscription
dimanche 18 octobre 2009
Statut
Membre
Dernière intervention
29 juin 2012
1
30 oct. 2009 à 11:50
30 oct. 2009 à 11:50
Par contre le lien de List&Kill'em ne fonctionne pas
Salut,
c'est à ça que ressemblait le message que tu as ignoré :
https://www.mcafee.com/enterprise/en-us/threat-center.html#threatsearch
Si oui, quelques informations complémentaires :
https://www.zdnet.com/blog/
https://www.zdnet.com/blog/
D'autres pistes :
- utiliser une distribution Linux pour voir si les fichiers sont lisibles sous un autre système d'exploitation (si c'est le cas, les fichiers ne sont pas encryptés seuls les droits d'accès ont été modifiés)
- regarder si des fichiers ont été créés autour du 11/10/2009 - 01:57:59 ce qui correspond à la création de C:\WINDOWS\CryptLogFile.txt et qui seraient une copie des fichiers originaux avant cryptage (si les fichiers ne sont pas lisibles sous un autre système d'exploitation)
- utiliser la méthode suggérée dans le dernier lien (recherche des fichiers supprimés avec un utilitaire ad hoc tel que File recovery) ( https://www.commentcamarche.net/telecharger/utilitaires/17061-pc-inspector-file-recovery/ ). Pas simple d'emploi. Tu seras peut être obligée de trouver une boutique spécialisée et de payer.
Bonne chance.
c'est à ça que ressemblait le message que tu as ignoré :
https://www.mcafee.com/enterprise/en-us/threat-center.html#threatsearch
Si oui, quelques informations complémentaires :
https://www.zdnet.com/blog/
https://www.zdnet.com/blog/
D'autres pistes :
- utiliser une distribution Linux pour voir si les fichiers sont lisibles sous un autre système d'exploitation (si c'est le cas, les fichiers ne sont pas encryptés seuls les droits d'accès ont été modifiés)
- regarder si des fichiers ont été créés autour du 11/10/2009 - 01:57:59 ce qui correspond à la création de C:\WINDOWS\CryptLogFile.txt et qui seraient une copie des fichiers originaux avant cryptage (si les fichiers ne sont pas lisibles sous un autre système d'exploitation)
- utiliser la méthode suggérée dans le dernier lien (recherche des fichiers supprimés avec un utilitaire ad hoc tel que File recovery) ( https://www.commentcamarche.net/telecharger/utilitaires/17061-pc-inspector-file-recovery/ ). Pas simple d'emploi. Tu seras peut être obligée de trouver une boutique spécialisée et de payer.
Bonne chance.
Mortiscia
Messages postés
130
Date d'inscription
dimanche 18 octobre 2009
Statut
Membre
Dernière intervention
29 juin 2012
1
30 oct. 2009 à 16:16
30 oct. 2009 à 16:16
Ouiiiii!!!!! c'est exactement ça! Je télécharge les fichiers qu'on me propose c'est ça?
Salut,
attends les consignes de Xplode, c'est lui qui t'a pris en charge.
J'ai donné des pistes. A lui de te guider.
Bon courage.
attends les consignes de Xplode, c'est lui qui t'a pris en charge.
J'ai donné des pistes. A lui de te guider.
Bon courage.
Xplode
Messages postés
8820
Date d'inscription
vendredi 21 août 2009
Statut
Contributeur sécurité
Dernière intervention
2 juillet 2015
726
30 oct. 2009 à 20:40
30 oct. 2009 à 20:40
Salut à vous deux.
Je suis dans l'incapacité de t'aider pour ces histoires de cryptage, mes compétences s'arrêtent à la désinfection informatique.
Je suis dans l'incapacité de t'aider pour ces histoires de cryptage, mes compétences s'arrêtent à la désinfection informatique.
Mortiscia
Messages postés
130
Date d'inscription
dimanche 18 octobre 2009
Statut
Membre
Dernière intervention
29 juin 2012
1
30 oct. 2009 à 21:06
30 oct. 2009 à 21:06
Merci beaucoup beaucoup Xplode pour ton aide!
A ton avis est ce que je devrai poster un nouveau sujet commençant directement avec ce lien:
https://www.mcafee.com/enterprise/en-us/threat-center.html#threatsearch
afin de mieux expliquer mon probleme et trouver peut etre une solution?
A ton avis est ce que je devrai poster un nouveau sujet commençant directement avec ce lien:
https://www.mcafee.com/enterprise/en-us/threat-center.html#threatsearch
afin de mieux expliquer mon probleme et trouver peut etre une solution?
Mortiscia
Messages postés
130
Date d'inscription
dimanche 18 octobre 2009
Statut
Membre
Dernière intervention
29 juin 2012
1
30 oct. 2009 à 21:15
30 oct. 2009 à 21:15
ah oui, as tu un bon antivirus gratuit a me conseiller? et un firewall, bref de quoi bien proteger mon ordi malgré la contrainte de gratuité...
Lyonnais92
Messages postés
25159
Date d'inscription
vendredi 23 juin 2006
Statut
Contributeur sécurité
Dernière intervention
16 septembre 2016
1 536
31 oct. 2009 à 02:02
31 oct. 2009 à 02:02
Bonsoir,
on va essayer d'avancer.
Mais je ne te cache pas que je ne te garantis pas la récupération de tes données.
Si c'est possible, utilise un autre ordi pour les opérations qui ne nécessitent pas d'utiliser l'ordi malade.
Si tu disposes d'un DD externe, fais y une copie des fichiers illisbles.
Je suppose aussi que tu n'as pas de sauvegarde de tes fichiers.
==
On commence par voir si on peut lire les fichiers avec un autre OS.
Tu as ici un tuto pour fabriquer un live CD basé sur une distribution Linux.
Avec ce Cd, tu vas pouvoir accéder au disque dur et à son contenu sans installation.
Il faudra que tu modifies éventuellement l'ordre de boot en rentrant dans le Bios pour "booter en premier sue le lecteur de Cd et non sur le disque dur.
Le tuto :
http://brenta.free.fr/spip.php?article24
Des infos sur les logiciels que tu vas pouvoir trouver :
http://kaella.linux-azur.org/documentation/table.php
Quand tu as le fichier gravé "en mode iso", tu démarres sur le CD et tu essayes de lire tes fichiers soit avec The Gimp pour les jpg soit avec OpenOffice writer pour les documents word.
Honnêtement, je serais très agréablement surpris si tu les lis (mais je l'espère).
on va essayer d'avancer.
Mais je ne te cache pas que je ne te garantis pas la récupération de tes données.
Si c'est possible, utilise un autre ordi pour les opérations qui ne nécessitent pas d'utiliser l'ordi malade.
Si tu disposes d'un DD externe, fais y une copie des fichiers illisbles.
Je suppose aussi que tu n'as pas de sauvegarde de tes fichiers.
==
On commence par voir si on peut lire les fichiers avec un autre OS.
Tu as ici un tuto pour fabriquer un live CD basé sur une distribution Linux.
Avec ce Cd, tu vas pouvoir accéder au disque dur et à son contenu sans installation.
Il faudra que tu modifies éventuellement l'ordre de boot en rentrant dans le Bios pour "booter en premier sue le lecteur de Cd et non sur le disque dur.
Le tuto :
http://brenta.free.fr/spip.php?article24
Des infos sur les logiciels que tu vas pouvoir trouver :
http://kaella.linux-azur.org/documentation/table.php
Quand tu as le fichier gravé "en mode iso", tu démarres sur le CD et tu essayes de lire tes fichiers soit avec The Gimp pour les jpg soit avec OpenOffice writer pour les documents word.
Honnêtement, je serais très agréablement surpris si tu les lis (mais je l'espère).
Lyonnais92
Messages postés
25159
Date d'inscription
vendredi 23 juin 2006
Statut
Contributeur sécurité
Dernière intervention
16 septembre 2016
1 536
31 oct. 2009 à 02:38
31 oct. 2009 à 02:38
Re,
une référence qui pourra servir (merci à engil et wawaseb)
http://community.ca.com/...
surtout si tu confirmes que le fichier "en russe" était aussi sur l'ordi (avec CryptLogFile.txt)
une référence qui pourra servir (merci à engil et wawaseb)
http://community.ca.com/...
surtout si tu confirmes que le fichier "en russe" était aussi sur l'ordi (avec CryptLogFile.txt)
Mortiscia
Messages postés
130
Date d'inscription
dimanche 18 octobre 2009
Statut
Membre
Dernière intervention
29 juin 2012
1
31 oct. 2009 à 10:54
31 oct. 2009 à 10:54
Bon là le problème c'est que mon lecteur CD est HS, donc je te refais signe une fois le problème du lecteur résolu.
Merci
A+
Merci
A+
Lyonnais92
Messages postés
25159
Date d'inscription
vendredi 23 juin 2006
Statut
Contributeur sécurité
Dernière intervention
16 septembre 2016
1 536
31 oct. 2009 à 11:04
31 oct. 2009 à 11:04
Bonjour,
as tu un DD externe USB ?
Si oui, on va provisoirement sauter l'étape de la kaella et essayer l'outil de CA.
De toute manière, c'est pratiquement une nécessité d'avoir un DD externe de manière à avoir une copie de ses fichiers sur un autre support.
as tu un DD externe USB ?
Si oui, on va provisoirement sauter l'étape de la kaella et essayer l'outil de CA.
De toute manière, c'est pratiquement une nécessité d'avoir un DD externe de manière à avoir une copie de ses fichiers sur un autre support.
Mortiscia
Messages postés
130
Date d'inscription
dimanche 18 octobre 2009
Statut
Membre
Dernière intervention
29 juin 2012
1
31 oct. 2009 à 12:42
31 oct. 2009 à 12:42
J'en ai un mais il ne reste plus d'espace dessus... une clé USB ne fais pas l'affaire?
Lyonnais92
Messages postés
25159
Date d'inscription
vendredi 23 juin 2006
Statut
Contributeur sécurité
Dernière intervention
16 septembre 2016
1 536
31 oct. 2009 à 12:54
31 oct. 2009 à 12:54
Re,
tes fichiers illisibles ne sont pas sur ton DD USB ?
Pour la clé, c'est un problème de taille par rapport à la taille des fichiers à récupérer.
Il faudrait au moins une clé 2 fois plus grande.
Je pourrais te faire utiliser le DD interne. Mais cela peut compliquer l'utilisation d'un logiciel de récupération des données (moins on écrit sur le disque, plus on augmente les chances).
tes fichiers illisibles ne sont pas sur ton DD USB ?
Pour la clé, c'est un problème de taille par rapport à la taille des fichiers à récupérer.
Il faudrait au moins une clé 2 fois plus grande.
Je pourrais te faire utiliser le DD interne. Mais cela peut compliquer l'utilisation d'un logiciel de récupération des données (moins on écrit sur le disque, plus on augmente les chances).
Mortiscia
Messages postés
130
Date d'inscription
dimanche 18 octobre 2009
Statut
Membre
Dernière intervention
29 juin 2012
1
31 oct. 2009 à 13:09
31 oct. 2009 à 13:09
Bon, je suis une fille tres patiente, je peux le faire par étapes, en plus parmis les fichiers que j'ai perdu je peux selectionner les plus importants et donc utiliser juste la moitié de l'espace de la clé (ma clé fait 2Go).
Enfin bref je ne sais pas si ce que je viens de dire est logique, à toi de me dire si c'est faisable.
Enfin bref je ne sais pas si ce que je viens de dire est logique, à toi de me dire si c'est faisable.
Lyonnais92
Messages postés
25159
Date d'inscription
vendredi 23 juin 2006
Statut
Contributeur sécurité
Dernière intervention
16 septembre 2016
1 536
31 oct. 2009 à 13:37
31 oct. 2009 à 13:37
Re,
techniquement je ne crois pas.
L'outil demande que l'on précise le répertoire des fichiers cryptés et le répertoire de destination des fichiers restaurés.
Je n'ai pas vu la possibilité de traiter une liste de fichiers.
Et donc la taille de ta clé me semble trop faible.
techniquement je ne crois pas.
L'outil demande que l'on précise le répertoire des fichiers cryptés et le répertoire de destination des fichiers restaurés.
Je n'ai pas vu la possibilité de traiter une liste de fichiers.
Et donc la taille de ta clé me semble trop faible.
Mortiscia
Messages postés
130
Date d'inscription
dimanche 18 octobre 2009
Statut
Membre
Dernière intervention
29 juin 2012
1
31 oct. 2009 à 14:16
31 oct. 2009 à 14:16
Ok des que g une solution (lecteur CD ou DD) je te fais signe.
Merci
Merci