INFECTION OU VIRUS? application cannot be executed. the file avwse.eye

[pear]

 

Télécharger gmer

 

- Cliquer sur le bouton "Download EXE"

- Sauvegardez sur le Bureau.

- Collez et sauvegardez ces instructions dans un fichier texte ou imprimez-les, car il faudra fermer le navigateur.

Avant toute utilisation de GMER, veuillez désactiver votre antivirus, antispyware sous peine de crash.

 

- Fermez les fenêtres de navigateur ouvertes.

- Lancez le fichier téléchargé par double clic(le nom comporte 8 chiffres/lettres aléatoires) ;

- Si l'outil lance un warning d'activité de rootkit et demande de faire un scan ; cliquez "NO"

- Dans la section de droite de la fenêtre de l'outil, Vérifiez que soient décochées les options suivantes :

Show All

Cochez juste " Sections" et "Files

- Cliquez sur le bouton "Scan" et patientez (cela peut prendre 10 minutes ou +)

Il peut arriver que GMER plante sans raison apparente.

Vous pouvez essayer ceci : décocher "Devices" dans un premier temps et repasser l'outil ;

si ça coince toujours, décocher en plus "Files" et ré-essayez un scan.

Lorsque les informations sur le scan s'affichent , les éléments détectés comme rootkit apparaissent en rouge dans chaque section.

 

Le bouton Copy permet de récupérer le résultat pour effectuer un copier/coller.

Le bouton Save permet l'enregistrement du rapport sur votre disque au format texte.

[kickoff]

c'est fait y a t il un rapport a poster?

[pear]

Oui, il faut poster le rapport:

Lorsque les informations sur le scan s'affichent , les éléments détectés comme rootkit apparaissent en rouge dans chaque section.

 

Le bouton Copy permet de récupérer le résultat pour effectuer un copier/coller.

[kickoff]

le probleme c'est qu il n'y a pas de rappport, apres le scan l'ordi a redemarré tout seul, et quand je retourne sur le logiciel pour faire copy, il veut pas .

bon la l'ordi est planté je ressaye tout a l'heure et vous tiens au courant

[kickoff]

mon ordinateur plante lamentablement depuis que j'ai fait le scan avec gmer ?? je n'arrive pas a récuperer le rapport

[pear]

C'est indiqué dans la procédure:

 

Il peut arriver que GMER plante sans raison apparente.

Vous pouvez essayer ceci : décocher "Devices" dans un premier temps et repasser l'outil ;

si ça coince toujours, décocher en plus "Files" et ré-essayez un scan.

[kickoff]

Bonsoir

 

voila le rapport

 

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit quick scan 2010-06-01 20:16:22

Windows 5.1.2600 Service Pack 3

Running: upl1b8jx.exe; Driver: C:\DOCUME~1\Julien\LOCALS~1\Temp\uxldypog.sys

 

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

 

---- EOF - GMER 1.0.15 ----

[pear]

Bonsoir,

Gmer ne voit rien.

 

 

 

Recherche de rootkit

Téléchargez RootRepeal

Désactiver les modules résidents:l'antivirus,antispyware ,Parefeu

 

Vous devez avoir les droits Administrateur

 

Installez RootRepeal , cliquez sur *Settings->Options*

Onglet "Général Cochez->Only suspicious ..

. [Driver scan] ... [Files scan] ... [Processes scan] ... [sSDT scan] (v. 1.1.0)

aucune raison de changer les paramètres standards.

 

Dans le [ File Scan ] l'option [X] [ Check for file size differences ] est celle qui permet la détection des fichiers dont la taille a été modifiée comme le fait par exemple le rootkit "Rustock.C". Il est donc fortement conseillé de ne pas la désactiver.

 

Dans le [ SSDT scan ], l'option [X] [ Check for hooked SYSENTER/INT 2E ] permet le scan des appels au système par SYSENTER ou INT 2E.

 

Choix des scans (boutons de sélection en bas, à gauche).

 

Chaque option comporte deux boutons [ Scan ] pour lancer l'analyse et [ Save Report ]qui permet d'enregistrer le rapport au format « .txt » dans le répertoire choisi (éventuellement dans le répertoire de démarrage de RootRepeal).

 

[ Report ]permet d'enchaîner plusieurs ou toutes les fonctions précédentes.

Cliquez [select scan]

Dans la fenêtre qui s'ouvre, sélectionner les options à exécuter(Cochez tout).

 

Un choix des partitions du disque est possible dans la fenêtre [select drives].

Cliquez sur Save Report

Lancez le scan,

Si RootRepeal ne trouve rien , il affichera ceci:

 

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/08/04 18:47

Program Version: Version 1.3.2.0

Windows Version: Windows XP SP3

==================================================

 

Drivers

-------------------

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xEB27E000 Size: 49152 File Visible: No Signed: -

Status: -

==EOF==

[kickoff]

voila

 

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/06/01 22:36

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

 

Drivers

-------------------

Name: ACPI.sys

Image Path: ACPI.sys

Address: 0xF75A7000 Size: 188672 File Visible: - Signed: -

Status: -

 

Name: ACPI_HAL

Image Path: \Driver\ACPI_HAL

Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -

Status: -

 

Name: ACPIEC.sys

Image Path: ACPIEC.sys

Address: 0xF78A3000 Size: 12032 File Visible: - Signed: -

Status: -

 

Name: afd.sys

Image Path: C:\WINDOWS\System32\drivers\afd.sys

Address: 0xBA1F5000 Size: 138496 File Visible: - Signed: -

Status: -

 

Name: atapi.sys

Image Path: atapi.sys

Address: 0xF7499000 Size: 96512 File Visible: - Signed: -

Status: -

 

Name: atiide.sys

Image Path: atiide.sys

Address: 0xF7A51000 Size: 3456 File Visible: - Signed: -

Status: -

 

Name: ATMFD.DLL

Image Path: C:\WINDOWS\System32\ATMFD.DLL

Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -

Status: -

 

Name: BATTC.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\BATTC.SYS

Address: 0xF789F000 Size: 16384 File Visible: - Signed: -

Status: -

 

Name: bcm4sbxp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

Address: 0xF7697000 Size: 65536 File Visible: - Signed: -

Status: -

 

Name: bcmwl5.sys

Image Path: C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

Address: 0xBA649000 Size: 1123328 File Visible: - Signed: -

Status: -

 

Name: Beep.SYS

Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS

Address: 0xF79A7000 Size: 4224 File Visible: - Signed: -

Status: -

 

Name: BOOTVID.dll

Image Path: C:\WINDOWS\system32\BOOTVID.dll

Address: 0xF7897000 Size: 12288 File Visible: - Signed: -

Status: -

 

Name: Cdfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS

Address: 0xF7536000 Size: 63744 File Visible: - Signed: -

Status: -

 

Name: cdrom.sys

Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys

Address: 0xF7667000 Size: 62976 File Visible: - Signed: -

Status: -

 

Name: CLASSPNP.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

Address: 0xF7637000 Size: 53248 File Visible: - Signed: -

Status: -

 

Name: compbatt.sys

Image Path: compbatt.sys

Address: 0xF789B000 Size: 10240 File Visible: - Signed: -

Status: -

 

Name: disk.sys

Image Path: disk.sys

Address: 0xF7627000 Size: 36352 File Visible: - Signed: -

Status: -

 

Name: DLACDBHM.SYS

Image Path: DLACDBHM.SYS

Address: 0xF798B000 Size: 7936 File Visible: - Signed: -

Status: -

 

Name: DLARTL_M.SYS

Image Path: C:\WINDOWS\System32\Drivers\DLARTL_M.SYS

Address: 0xF780F000 Size: 23424 File Visible: - Signed: -

Status: -

 

Name: dmio.sys

Image Path: dmio.sys

Address: 0xF74B1000 Size: 154496 File Visible: - Signed: -

Status: -

 

Name: DRVMCDB.SYS

Image Path: DRVMCDB.SYS

Address: 0xF7450000 Size: 90976 File Visible: - Signed: -

Status: -

 

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xBA11A000 Size: 98304 File Visible: No Signed: -

Status: -

 

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xF79B1000 Size: 8192 File Visible: No Signed: -

Status: -

 

Name: Dxapi.sys

Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys

Address: 0xBA319000 Size: 12288 File Visible: - Signed: -

Status: -

 

Name: dxg.sys

Image Path: C:\WINDOWS\System32\drivers\dxg.sys

Address: 0xBF000000 Size: 73728 File Visible: - Signed: -

Status: -

 

Name: dxgthk.sys

Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys

Address: 0xF7A8B000 Size: 4096 File Visible: - Signed: -

Status: -

 

Name: fltmgr.sys

Image Path: fltmgr.sys

Address: 0xF7479000 Size: 129792 File Visible: - Signed: -

Status: -

 

Name: framebuf.dll

Image Path: C:\WINDOWS\System32\framebuf.dll

Address: 0xBFF70000 Size: 12288 File Visible: - Signed: -

Status: -

 

Name: Fs_Rec.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS

Address: 0xF79A3000 Size: 7936 File Visible: - Signed: -

Status: -

 

Name: ftdisk.sys

Image Path: ftdisk.sys

Address: 0xF74D7000 Size: 126080 File Visible: - Signed: -

Status: -

 

Name: hal.dll

Image Path: C:\WINDOWS\system32\hal.dll

Address: 0x806FF000 Size: 134400 File Visible: - Signed: -

Status: -

 

Name: HDAudBus.sys

Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

Address: 0xBA53A000 Size: 163840 File Visible: - Signed: -

Status: -

 

Name: HIDCLASS.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS

Address: 0xF7546000 Size: 36864 File Visible: - Signed: -

Status: -

 

Name: HIDPARSE.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS

Address: 0xF779F000 Size: 28672 File Visible: - Signed: -

Status: -

 

Name: hidusb.sys

Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys

Address: 0xBA34F000 Size: 10368 File Visible: - Signed: -

Status: -

 

Name: i2omgmt.SYS

Image Path: C:\WINDOWS\System32\Drivers\i2omgmt.SYS

Address: 0xBA7A8000 Size: 8576 File Visible: - Signed: -

Status: -

 

Name: i8042prt.sys

Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys

Address: 0xF7687000 Size: 54144 File Visible: - Signed: -

Status: -

 

Name: imapi.sys

Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys

Address: 0xF7657000 Size: 42112 File Visible: - Signed: -

Status: -

 

Name: ipnat.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys

Address: 0xBA23F000 Size: 152832 File Visible: - Signed: -

Status: -

 

Name: ipsec.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys

Address: 0xBA2BE000 Size: 75264 File Visible: - Signed: -

Status: -

 

Name: isapnp.sys

Image Path: isapnp.sys

Address: 0xF75F7000 Size: 37632 File Visible: - Signed: -

Status: -

 

Name: kbdclass.sys

Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys

Address: 0xF777F000 Size: 25216 File Visible: - Signed: -

Status: -

 

Name: KDCOM.DLL

Image Path: C:\WINDOWS\system32\KDCOM.DLL

Address: 0xF7987000 Size: 8192 File Visible: - Signed: -

Status: -

 

Name: ks.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys

Address: 0xBA562000 Size: 143360 File Visible: - Signed: -

Status: -

 

Name: KSecDD.sys

Image Path: KSecDD.sys

Address: 0xF7439000 Size: 92928 File Visible: - Signed: -

Status: -

 

Name: mouclass.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys

Address: 0xF7797000 Size: 23680 File Visible: - Signed: -

Status: -

 

Name: mouhid.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys

Address: 0xBA347000 Size: 12288 File Visible: - Signed: -

Status: -

 

Name: MountMgr.sys

Image Path: MountMgr.sys

Address: 0xF7607000 Size: 42368 File Visible: - Signed: -

Status: -

 

Name: mrxsmb.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

Address: 0xBA15A000 Size: 455680 File Visible: - Signed: -

Status: -

 

Name: Msfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS

Address: 0xF774F000 Size: 19072 File Visible: - Signed: -

Status: -

 

Name: msgpc.sys

Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys

Address: 0xF76E7000 Size: 35072 File Visible: - Signed: -

Status: -

 

Name: mssmbios.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys

Address: 0xBA7F0000 Size: 15488 File Visible: - Signed: -

Status: -

 

Name: Mup.sys

Image Path: Mup.sys

Address: 0xF787D000 Size: 105344 File Visible: - Signed: -

Status: -

 

Name: NDIS.sys

Image Path: NDIS.sys

Address: 0xF740C000 Size: 182656 File Visible: - Signed: -

Status: -

 

Name: ndistapi.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys

Address: 0xF7937000 Size: 10112 File Visible: - Signed: -

Status: -

 

Name: ndisuio.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys

Address: 0xB9E06000 Size: 14592 File Visible: - Signed: -

Status: -

 

Name: ndiswan.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys

Address: 0xBA4EE000 Size: 91520 File Visible: - Signed: -

Status: -

 

Name: NDProxy.SYS

Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS

Address: 0xF7586000 Size: 40576 File Visible: - Signed: -

Status: -

 

Name: netbios.sys

Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys

Address: 0xF7566000 Size: 34688 File Visible: - Signed: -

Status: -

 

Name: netbt.sys

Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys

Address: 0xBA217000 Size: 162816 File Visible: - Signed: -

Status: -

 

Name: Npfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS

Address: 0xF776F000 Size: 30848 File Visible: - Signed: -

Status: -

 

Name: Ntfs.sys

Image Path: Ntfs.sys

Address: 0xF7B52000 Size: 574976 File Visible: - Signed: -

Status: -

 

Name: ntoskrnl.exe

Image Path: C:\WINDOWS\system32\ntoskrnl.exe

Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -

Status: -

 

Name: Null.SYS

Image Path: C:\WINDOWS\System32\Drivers\Null.SYS

Address: 0xF7A71000 Size: 2944 File Visible: - Signed: -

Status: -

 

Name: OPRGHDLR.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS

Address: 0xF7A50000 Size: 4096 File Visible: - Signed: -

Status: -

 

Name: PartMgr.sys

Image Path: PartMgr.sys

Address: 0xF770F000 Size: 19712 File Visible: - Signed: -

Status: -

 

Name: pci.sys

Image Path: pci.sys

Address: 0xF7596000 Size: 68608 File Visible: - Signed: -

Status: -

 

Name: pciide.sys

Image Path: pciide.sys

Address: 0xF7A4F000 Size: 3328 File Visible: - Signed: -

Status: -

 

Name: PCIIDEX.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

Address: 0xF7707000 Size: 28672 File Visible: - Signed: -

Status: -

 

Name: PnpManager

Image Path: \Driver\PnpManager

Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -

Status: -

 

Name: psched.sys

Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys

Address: 0xBA4DD000 Size: 69120 File Visible: - Signed: -

Status: -

 

Name: ptilink.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys

Address: 0xF77C7000 Size: 17792 File Visible: - Signed: -

Status: -

 

Name: PxHelp20.sys

Image Path: PxHelp20.sys

Address: 0xF7647000 Size: 36320 File Visible: - Signed: -

Status: -

 

Name: rasacd.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys

Address: 0xBA798000 Size: 8832 File Visible: - Signed: -

Status: -

 

Name: rasl2tp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

Address: 0xF76B7000 Size: 51328 File Visible: - Signed: -

Status: -

 

Name: raspppoe.sys

Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys

Address: 0xF76C7000 Size: 41472 File Visible: - Signed: -

Status: -

 

Name: raspptp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys

Address: 0xF76D7000 Size: 48384 File Visible: - Signed: -

Status: -

 

Name: raspti.sys

Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys

Address: 0xF77D7000 Size: 16512 File Visible: - Signed: -

Status: -

 

Name: RAW

Image Path: \FileSystem\RAW

Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -

Status: -

 

Name: rdbss.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys

Address: 0xBA1CA000 Size: 175744 File Visible: - Signed: -

Status: -

 

Name: RDPCDD.sys

Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys

Address: 0xF79AB000 Size: 4224 File Visible: - Signed: -

Status: -

 

Name: rdpdr.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys

Address: 0xBA45D000 Size: 196224 File Visible: - Signed: -

Status: -

 

Name: RDPWD.SYS

Image Path: C:\WINDOWS\System32\Drivers\RDPWD.SYS

Address: 0xB9A5E000 Size: 139520 File Visible: - Signed: -

Status: -

 

Name: redbook.sys

Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys

Address: 0xF7677000 Size: 58752 File Visible: - Signed: -

Status: -

 

Name: rimmptsk.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

Address: 0xF76A7000 Size: 57344 File Visible: - Signed: -

Status: -

 

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xB9E7A000 Size: 49152 File Visible: No Signed: -

Status: -

 

Name: sr.sys

Image Path: sr.sys

Address: 0xF7467000 Size: 73600 File Visible: - Signed: -

Status: -

 

Name: srv.sys

Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys

Address: 0xB9AA9000 Size: 353792 File Visible: - Signed: -

Status: -

 

Name: swenum.sys

Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys

Address: 0xF7995000 Size: 4352 File Visible: - Signed: -

Status: -

 

Name: SynTP.sys

Image Path: C:\WINDOWS\system32\DRIVERS\SynTP.sys

Address: 0xBA505000 Size: 216800 File Visible: - Signed: -

Status: -

 

Name: tcpip.sys

Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys

Address: 0xBA265000 Size: 361600 File Visible: - Signed: -

Status: -

 

Name: TDI.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS

Address: 0xF77B7000 Size: 20480 File Visible: - Signed: -

Status: -

 

Name: TDTCP.SYS

Image Path: C:\WINDOWS\System32\Drivers\TDTCP.SYS

Address: 0xF77BF000 Size: 21760 File Visible: - Signed: -

Status: -

 

Name: termdd.sys

Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys

Address: 0xF76F7000 Size: 40704 File Visible: - Signed: -

Status: -

 

Name: update.sys

Image Path: C:\WINDOWS\system32\DRIVERS\update.sys

Address: 0xBA3FF000 Size: 384768 File Visible: - Signed: -

Status: -

 

Name: USBD.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS

Address: 0xF798F000 Size: 8192 File Visible: - Signed: -

Status: -

 

Name: usbehci.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys

Address: 0xF775F000 Size: 30208 File Visible: - Signed: -

Status: -

 

Name: usbhub.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys

Address: 0xF7576000 Size: 59520 File Visible: - Signed: -

Status: -

 

Name: usbohci.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbohci.sys

Address: 0xF7757000 Size: 17152 File Visible: - Signed: -

Status: -

 

Name: USBPORT.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS

Address: 0xBA625000 Size: 147456 File Visible: - Signed: -

Status: -

 

Name: vga.sys

Image Path: C:\WINDOWS\System32\drivers\vga.sys

Address: 0xF7817000 Size: 20992 File Visible: - Signed: -

Status: -

 

Name: VIDEOPRT.SYS

Image Path: C:\WINDOWS\System32\drivers\VIDEOPRT.SYS

Address: 0xBA2F1000 Size: 81920 File Visible: - Signed: -

Status: -

 

Name: VolSnap.sys

Image Path: VolSnap.sys

Address: 0xF7617000 Size: 53376 File Visible: - Signed: -

Status: -

 

Name: watchdog.sys

Image Path: C:\WINDOWS\System32\watchdog.sys

Address: 0xF77CF000 Size: 20480 File Visible: - Signed: -

Status: -

 

Name: Win32k

Image Path: \Driver\Win32k

Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -

Status: -

 

Name: win32k.sys

Image Path: C:\WINDOWS\System32\win32k.sys

Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -

Status: -

 

Name: wmiacpi.sys

Image Path: C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

Address: 0xF791F000 Size: 8832 File Visible: - Signed: -

Status: -

 

Name: WMILIB.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS

Address: 0xF7989000 Size: 8192 File Visible: - Signed: -

Status: -

 

Name: WMIxWDM

Image Path: \Driver\WMIxWDM

Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -

Status: -

[kickoff]

Bonjour,

 

je précise que mon ordi fonctionne beaucoup mieux et je vous remercie.

il y a juste un rootkit en quarantaine dans avira, faut il que je le supprime?

 

merci

 

julien