Friday 21 March 2025
[Solved] RAM mémory usage5 is critically high


Posted 13 Jan 2011 11:44


This morning when I started my session, I got a black screen and Disk Helper (which I never installed) started a scan during which it found 6 fatal errors (summary: cluster, hdd error, 32% of hdd unreadable, hdd doesn't respond, bad sector, boot sector damaged).
It suggests a defrag and then paid software to repair.
At the bottom right this message appears: RAM mémory usage5 is critically high. RAM mémory failed.

Note that I am currently using the second session without any problem.

What is this Disk Helper: a scam?
And how do I get out of this? I ran Avira: no virus.
I tried to uninstall Disk Helper: impossible.
Re: RAM mémory usage5 is critically high

Posted 13 Jan 2011 12:02


I'm not sure, but it could be malware.
Do you have a program called HDD OK on your hard drive?
Re: RAM mémory usage5 is critically high

Posted 13 Jan 2011 12:02


Topic moved to the Sécurité & Virus forum.

Edit AtOM: use this << Topic >> to prepare your disinfection request.
Read it calmly and apply it just as calmly. Happy hunting to our Helpers.
Re: RAM mémory usage5 is critically high

Posted 13 Jan 2011 14:03

Code:
OTL logfile created on: 13/01/2011 13:46:36 - Run 1
OTL by OldTimer - Version     Folder = E:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
894,00 Mb Total Physical Memory | 555,00 Mb Available Physical Memory | 62,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66,71 Gb Total Space | 32,01 Gb Free Space | 47,98% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 157,45 Gb Free Space | 67,61% Space Free | Partition Type: NTFS
Computer Name: FRANCIS | User Name: FRANCIS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2011/01/13 13:43:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2011/01/12 18:12:00 | 000,475,648 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\xVrkkhEDTaOX.exe
PRC - [2011/01/08 11:28:30 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2011/01/08 11:28:27 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/14 08:43:40 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/09/14 10:57:16 | 000,007,168 | ---- | M] () -- C:\Program Files\InstallPedia\lnetworker.exe
PRC - [2010/08/17 13:39:03 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/17 13:38:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 22:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2006/10/14 11:43:22 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2006/02/23 11:09:06 | 000,114,784 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
PRC - [2006/02/23 11:09:04 | 000,266,338 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
PRC - [2006/02/23 11:08:36 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\APPS\Powercinema\PCMService.exe
PRC - [2006/02/23 11:08:28 | 001,073,152 | ---- | M] (Cyberlink) -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005/10/20 05:15:00 | 000,102,400 | ---- | M] () -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
PRC - [2005/10/20 05:15:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
PRC - [2005/06/03 02:52:54 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
PRC - [2005/01/31 08:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004/08/05 13:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/07/27 15:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
PRC - [2004/04/08 04:25:04 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe
PRC - [2003/08/19 16:00:40 | 000,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
PRC - [2003/08/19 15:48:56 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2011/01/13 13:43:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2004/08/05 13:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/12/14 08:43:40 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/09/14 10:57:18 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Program Files\InstallPedia\service.exe -- (IP netservices)
SRV - [2010/08/17 13:39:03 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2006/02/23 11:09:06 | 000,114,784 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/02/23 11:09:04 | 000,266,338 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/02/23 11:08:28 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/10/20 05:15:00 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe -- (USBDeviceService)
SRV - [2005/01/31 08:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004/04/08 04:25:04 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe -- (AOL ACS)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys -- (SYMIDSCO)
DRV - [2010/12/14 08:43:44 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/14 08:43:44 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/10/14 11:43:24 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/08/02 16:44:42 | 000,384,384 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2006/07/24 15:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/06/16 18:56:38 | 000,083,968 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/04/28 13:54:52 | 000,193,056 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/11 22:40:44 | 001,414,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/01/07 16:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 22:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 22:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/23 16:04:44 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 21:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 21:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 21:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 21:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 21:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 20:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 20:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 20:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 20:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 20:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 20:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 20:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 20:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 20:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-527554719-3489315904-3707505039-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-527554719-3489315904-3707505039-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-527554719-3489315904-3707505039-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-527554719-3489315904-3707505039-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.startup.homepage: ""
FF - 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/08 11:28:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/08 11:28:34 | 000,000,000 | ---D | M]
[2010/09/24 14:52:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\FRANCIS\Application Data\Mozilla\Extensions
[2010/11/07 14:36:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\FRANCIS\Application Data\Mozilla\Firefox\Profiles\c2elalcu.default\extensions
[2010/09/24 14:52:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/26 17:15:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/09/14 22:32:19 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/09/14 22:32:19 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/09/14 22:32:19 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/09/14 22:32:19 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/09/14 22:32:19 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
O1 HOSTS File: ([2004/08/05 13:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts:       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-527554719-3489315904-3707505039-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-527554719-3489315904-3707505039-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-527554719-3489315904-3707505039-1007\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-527554719-3489315904-3707505039-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IP Network] C:\Program Files\InstallPedia\lnetworker.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [PCMService] c:\APPS\Powercinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-527554719-3489315904-3707505039-1006..\Run: [IGDXaRoyCsYol] C:\Documents and Settings\All Users\Application Data\IGDXaRoyCsYol.exe ()
O4 - HKU\S-1-5-21-527554719-3489315904-3707505039-1006..\Run: [xVrkkhEDTaOX.exe] C:\Documents and Settings\All Users\Application Data\xVrkkhEDTaOX.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527554719-3489315904-3707505039-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527554719-3489315904-3707505039-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\ [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2011/01/13 08:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FRANCIS\Menu Démarrer\Programmes\Disk Helper
[2011/01/03 09:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FRANCIS\Mes documents\Cde Leclerc Printemps 2011
[2010/12/23 21:42:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2010/12/23 21:42:30 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2007/03/06 07:58:12 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Program Files\HijackThis.exe
[2007/01/26 18:56:31 | 005,878,544 | ---- | C] (Online Media Technologies Ltd.                              ) -- C:\Program Files\AVSDiscCreator.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2011/01/13 13:34:23 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~IGDXaRoyCsYol
[2011/01/13 13:34:23 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~IGDXaRoyCsYolr
[2011/01/13 13:34:15 | 000,425,472 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\lDCFlxOYfami.dll
[2011/01/13 13:32:04 | 000,000,357 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2011/01/13 12:01:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/13 12:01:13 | 937,603,072 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/13 09:00:33 | 000,000,384 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\IGDXaRoyCsYol
[2011/01/13 08:24:10 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\FRANCIS\Bureau\Disk Helper.lnk
[2011/01/12 18:12:26 | 000,381,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\IGDXaRoyCsYol.exe
[2011/01/12 18:12:00 | 000,475,648 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\xVrkkhEDTaOX.exe
[2011/01/11 09:00:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/08 15:01:47 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\FRANCIS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/07 09:42:54 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\FRANCIS\Mes documents\BUDGET.xls
[2010/12/30 10:17:18 | 000,276,919 | ---- | M] () -- C:\Documents and Settings\FRANCIS\Mes documents\N° tintin l'affaire tournesol vosgien.jpg
[2010/12/28 18:17:03 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\FRANCIS\Mes documents\Liste BD.xls
[2010/12/28 18:12:22 | 000,084,992 | ---- | M] () -- C:\Documents and Settings\FRANCIS\Mes documents\Liste BD.doc
[2010/12/28 18:08:57 | 000,502,053 | ---- | M] () -- C:\Documents and Settings\FRANCIS\Mes documents\l'effére Tournesol.jpg
[2010/12/22 17:04:49 | 000,093,696 | ---- | M] () -- C:\Documents and Settings\FRANCIS\Mes documents\janvierfevrier2011.doc
[2010/12/20 16:56:32 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\FRANCIS\Mes documents\50 € SFR.doc
[2010/12/20 16:45:34 | 000,002,551 | ---- | M] () -- C:\Documents and Settings\FRANCIS\Bureau\Microsoft Word.lnk
[2010/12/15 15:40:14 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\FRANCIS\Mes documents\TEL MOB FRANCIS.xls
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011/01/13 08:24:39 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~IGDXaRoyCsYol
[2011/01/13 08:24:39 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~IGDXaRoyCsYolr
[2011/01/13 08:24:10 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\FRANCIS\Bureau\Disk Helper.lnk
[2011/01/13 08:24:07 | 000,000,384 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\IGDXaRoyCsYol
[2011/01/12 18:12:26 | 000,381,440 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\IGDXaRoyCsYol.exe
[2011/01/12 18:12:20 | 000,425,472 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lDCFlxOYfami.dll
[2011/01/12 18:12:07 | 000,475,648 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xVrkkhEDTaOX.exe
[2010/12/30 10:17:17 | 000,276,919 | ---- | C] () -- C:\Documents and Settings\FRANCIS\Mes documents\N° tintin l'affaire tournesol vosgien.jpg
[2010/12/28 18:08:56 | 000,502,053 | ---- | C] () -- C:\Documents and Settings\FRANCIS\Mes documents\l'effére Tournesol.jpg
[2010/12/22 17:04:49 | 000,093,696 | ---- | C] () -- C:\Documents and Settings\FRANCIS\Mes documents\janvierfevrier2011.doc
[2010/10/02 16:52:13 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\FRANCIS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/24 10:05:08 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\Utils.dll
[2010/09/24 09:24:10 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/24 09:05:40 | 000,000,357 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010/04/08 10:38:13 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\jasltw.dat
[2008/10/17 12:58:01 | 035,008,838 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Storm3.exe
[2008/04/23 19:52:47 | 000,004,977 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ywasvxup.hvs
[2007/08/06 15:37:53 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/05/26 18:21:54 | 000,005,861 | ---- | C] () -- C:\Program Files\readme.txt
[2007/05/21 14:19:36 | 000,000,197 | ---- | C] () -- C:\Program Files\stream.ini
[2007/05/21 13:13:14 | 000,148,310 | ---- | C] () -- C:\Program Files\clothpickups.jpg
[2007/04/08 21:51:52 | 009,408,942 | ---- | C] () -- C:\Program Files\sa-downgrade_v2tov1.rar
[2007/04/01 17:35:28 | 011,284,970 | ---- | C] () -- C:\Program Files\
[2007/03/07 07:28:39 | 013,446,648 | ---- | C] () -- C:\Program Files\AVAST.exe
[2007/03/06 08:57:51 | 000,553,687 | ---- | C] () -- C:\Program Files\RegCleaner.exe
[2007/03/06 07:59:18 | 000,006,640 | ---- | C] () -- C:\Program Files\hijackthis.log
[2006/10/14 12:13:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/14 11:56:44 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006/10/14 11:51:36 | 000,000,602 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2006/10/14 11:46:38 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/10/14 11:44:06 | 000,007,604 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2006/10/14 11:29:15 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/09/30 00:26:32 | 000,229,480 | ---- | C] () -- C:\Program Files\gta_sa_processkiller.exe
[2006/03/23 13:24:10 | 000,006,399 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/12 11:23:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/16 17:25:16 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/16 16:56:59 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/16 16:41:02 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/08/18 15:46:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2002/11/13 20:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2002/09/13 16:40:06 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[color=#E56717]========== LOP Check ==========[/color]
[2008/10/17 12:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\10015
[2009/09/01 19:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/10/17 12:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\channels
[2009/11/21 10:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/05/17 16:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/03/21 19:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2010/01/28 17:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LICENSE FORD HOPE DRAW
[2007/10/13 12:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/09/24 17:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OD2
[2009/09/01 17:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2007/12/05 18:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skyline
[2006/10/14 11:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008/11/09 18:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Storm
[2007/12/16 20:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/24 17:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/09/24 17:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/12/04 20:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/10/27 08:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FRANCIS\Application Data\Leadertech
[2010/12/04 20:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FRANCIS\Application Data\LG Electronics
[2010/09/27 09:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FRANCIS\Application Data\Objectif Tarot
[2010/09/26 16:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FRANCIS\Application Data\OD2
[2010/12/04 19:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FRANCIS\Application Data\Ulead Systems
[2008/09/02 18:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karine\Application Data\Grisoft
[2009/04/12 18:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karine\Application Data\InfraRecorder
[2009/08/29 21:28:36 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Karine\Application Data\lowsec
[2008/09/05 17:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karine\Application Data\OD2
[2009/01/31 18:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karine\Application Data\Shareaza
[2010/10/09 12:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KARINE.FRANCIS\Application Data\Objectif Tarot
[2010/12/23 13:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KARINE.FRANCIS\Application Data\OD2
[2008/10/17 17:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Application Data
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 480 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

< End of report >

I hope that's OK, I had to use an external hard drive.
Re: RAM mémory usage5 is critically high

Posted on 13 Jan 2011 14:52

It'll be fine Franci, you must have caught > this thing < and maybe more?

Our Helpers will get you out of this, don't worry, see you later ;)
Re: RAM mémory usage5 is critically high

Posted on 13 Jan 2011 17:55

Thanks, you're lifting my spirits. This virus is brand new.
Re: RAM mémory usage5 is critically high

Posted on 14 Jan 2011 09:18

Hello "helpers", don't abandon me.
Re: RAM mémory usage5 is critically high

Posted on 14 Jan 2011 11:00

Hi everyone!

The Mods 8)

Do this:

Close all active windows on your PC.
Run OTL again > double-click it.
In the OTL interface, check that the "Rapport minimal" (minimal report) box is ticked.
Copy (SELECT ALL) and paste the contents of this quote into the "Personnalisation" (customization) window
Code: Select all
C:\program files\installpedia\lnetworker.exe
C:\program files\installpedia\service.exe
C:\documents and settings\all users\application data\igdxaroycsyol.exe
C:\documents and settings\all users\application data\xvrkkhedtaox.exe

PRC - [2010/09/14 10:57:16 | 000,007,168 | ---- | M] () -- C:\Program Files\InstallPedia\lnetworker.exe     
SRV - [2010/09/14 10:57:18 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Program Files\InstallPedia\service.exe -- (IP netservices)     
O4 - HKLM..\Run: [IP Network] C:\Program Files\InstallPedia\lnetworker.exe ()     
O4 - HKU\S-1-5-21-527554719-3489315904-3707505039-1006..\Run: [IGDXaRoyCsYol] C:\Documents and Settings\All Users\Application Data\IGDXaRoyCsYol.exe ()
O4 - HKU\S-1-5-21-527554719-3489315904-3707505039-1006..\Run: [xVrkkhEDTaOX.exe] C:\Documents and Settings\All Users\Application Data\xVrkkhEDTaOX.exe ()
[2011/01/12 18:12:26 | 000,381,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\IGDXaRoyCsYol.exe     
[2011/01/12 18:12:00 | 000,475,648 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\xVrkkhEDTaOX.exe     
[2011/01/12 18:12:26 | 000,381,440 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\IGDXaRoyCsYol.exe     
[2011/01/12 18:12:07 | 000,475,648 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xVrkkhEDTaOX.exe     
[2010/09/24 10:05:08 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\Utils.dll     
[2010/01/28 17:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LICENSE FORD HOPE DRAW     


Click the "Correction" (fix) button.
Don't touch the PC again until it has restarted.
When the PC starts up, a report will open --> OTL.txt ... If it doesn't, you'll find it under the same name on the Desktop or in its folder --> C:\OTL
Copy and paste the contents of this report here in your reply.
Re: RAM mémory usage5 is critically high

Posted on 14 Jan 2011 11:21

Let me summarize: yesterday morning, the problem shows up.
I run Antivir: nothing.
This morning I update the antivirus, then run a scan.
It finds 13 files infected with TR/FakeAV.aako.
I put them in quarantine and open session 1 and...................wow, everything works.

What do I do with the infected files in quarantine?
Should I do what Danakil suggests?
Re: RAM mémory usage5 is critically high

Posted on 14 Jan 2011 11:28

franci wrote: Should I do what Danakil suggests?

If you're asking me, I'd say --> YES <-- just to disinfect your PC!
Just because Antivir removed this Fake doesn't mean the infection is gone. :wink:

Now, if you'd rather wait for other opinions, don't wait too long, because the Rogue is digging itself deeper and deeper into your PC.
Re: RAM mémory usage5 is critically high

Posted on 14 Jan 2011 11:30

Yes Franci, better to clean everything thoroughly even if AVG has caught up.

We're waiting for your OTL report ;)
Re: RAM mémory usage5 is critically high DISK HELPER

Posted on 14 Jan 2011 13:45

hi franci,
I had the same problem as you; here is my method for getting rid of this Disk Helper junk:
when the desktop opens at startup, press Ctrl+Alt+Del to open Task Manager; in the processes I found 2 lines for unknown programs, something like Ae2hKK.exe; note them down and click End Process, then go to Start > Search and look for "disk helper" and the 2 ".exe" files you noted in the processes; once it has found them, all you have to do is delete them, reboot and run a full scan with Malwarebytes to be sure nothing is left; in 30 min the job is done.
on my machine with XP they were hidden in the data folders; the path is shown by right-clicking > Properties on what the file search found.
no need to bother with complicated stuff like hijack-whatever,
I hope this helps some people, have a good weekend
Re: RAM mémory usage5 is critically high

Posted on 14 Jan 2011 18:02

Well, you can't have too many solutions:
First Sylvain 18, because it's the simplest:
I removed Disk Helper.
In Task Manager, I have this, which I'm not familiar with:
Inetworker avgnt PCMService SynTPEnh issch ati2evxx DetectorApp plugincontainer lxbkbmon
msmgs jusched wuauclt msimm RHTDCPL taskmgr csrss winlogon lxbkbmgr

Where are the intruders?

For the OTL supporters, it's coming.
Re: RAM mémory usage5 is critically high

Posted on 14 Jan 2011 18:14

Code: Select all
OTL logfile created on: 14/01/2011 18:05:05 - Run 2
OTL by OldTimer - Version     Folder = C:\Documents and Settings\FRANCIS\Mes documents\Téléchargements
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
894,00 Mb Total Physical Memory | 426,00 Mb Available Physical Memory | 48,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66,71 Gb Total Space | 32,74 Gb Free Space | 49,07% Space Free | Partition Type: NTFS
Computer Name: FRANCIS | User Name: FRANCIS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - C:\Documents and Settings\FRANCIS\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\InstallPedia\lnetworker.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()
PRC - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\APPS\Powercinema\PCMService.exe (CyberLink Corp.)
PRC - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe ()
PRC - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe ()
PRC - C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
PRC - C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - C:\Documents and Settings\FRANCIS\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - (AppMgmt) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (IP netservices) -- C:\Program Files\InstallPedia\service.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()
SRV - (CyberLink Media Library Service) -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (USBDeviceService) -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe ()
SRV - (UleadBurningHelper) -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (AOL ACS) -- C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe (America Online, Inc.)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.startup.homepage: ""
FF - 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/08 11:28:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/08 11:28:34 | 000,000,000 | ---D | M]
[2010/09/24 14:52:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\FRANCIS\Application Data\Mozilla\Extensions
[2010/11/07 14:36:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\FRANCIS\Application Data\Mozilla\Firefox\Profiles\c2elalcu.default\extensions
[2010/09/24 14:52:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/26 17:15:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/09/14 22:32:19 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/09/14 22:32:19 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/09/14 22:32:19 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/09/14 22:32:19 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/09/14 22:32:19 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
O1 HOSTS File: ([2004/08/05 13:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts:       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IP Network] C:\Program Files\InstallPedia\lnetworker.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [PCMService] c:\APPS\Powercinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [IGDXaRoyCsYol]  File not found
O4 - HKCU..\Run: [xVrkkhEDTaOX.exe]  File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\ [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 7 Days ==========[/color]
[2007/03/06 07:58:12 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Program Files\HijackThis.exe
[2007/01/26 18:56:31 | 005,878,544 | ---- | C] (Online Media Technologies Ltd.                              ) -- C:\Program Files\AVSDiscCreator.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 7 Days ==========[/color]
[2011/01/14 18:04:29 | 000,000,946 | ---- | M] () -- C:\Documents and Settings\FRANCIS\Bureau\Raccourci vers OTL.exe.lnk
[2011/01/14 17:54:51 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\FRANCIS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/14 11:27:57 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\FRANCIS\Mes documents\BUDGET.xls
[2011/01/14 09:14:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/14 09:14:05 | 937,603,072 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/13 18:13:10 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~IGDXaRoyCsYol
[2011/01/13 18:13:10 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~IGDXaRoyCsYolr
[2011/01/13 13:32:04 | 000,000,357 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2011/01/13 09:00:33 | 000,000,384 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\IGDXaRoyCsYol
[2011/01/11 09:00:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011/01/14 18:04:29 | 000,000,946 | ---- | C] () -- C:\Documents and Settings\FRANCIS\Bureau\Raccourci vers OTL.exe.lnk
[2011/01/13 08:24:39 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~IGDXaRoyCsYol
[2011/01/13 08:24:39 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~IGDXaRoyCsYolr
[2011/01/13 08:24:07 | 000,000,384 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\IGDXaRoyCsYol
[2010/10/02 16:52:13 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\FRANCIS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/24 10:05:08 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\Utils.dll
[2010/09/24 09:24:10 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/24 09:05:40 | 000,000,357 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010/04/08 10:38:13 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\jasltw.dat
[2008/10/17 12:58:01 | 035,008,838 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Storm3.exe
[2008/04/23 19:52:47 | 000,004,977 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ywasvxup.hvs
[2007/08/06 15:37:53 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/05/26 18:21:54 | 000,005,861 | ---- | C] () -- C:\Program Files\readme.txt
[2007/05/21 14:19:36 | 000,000,197 | ---- | C] () -- C:\Program Files\stream.ini
[2007/05/21 13:13:14 | 000,148,310 | ---- | C] () -- C:\Program Files\clothpickups.jpg
[2007/04/08 21:51:52 | 009,408,942 | ---- | C] () -- C:\Program Files\sa-downgrade_v2tov1.rar
[2007/04/01 17:35:28 | 011,284,970 | ---- | C] () -- C:\Program Files\
[2007/03/07 07:28:39 | 013,446,648 | ---- | C] () -- C:\Program Files\AVAST.exe
[2007/03/06 08:57:51 | 000,553,687 | ---- | C] () -- C:\Program Files\RegCleaner.exe
[2007/03/06 07:59:18 | 000,006,640 | ---- | C] () -- C:\Program Files\hijackthis.log
[2006/10/14 12:13:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/14 11:56:44 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006/10/14 11:51:36 | 000,000,602 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2006/10/14 11:46:38 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/10/14 11:44:06 | 000,007,604 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2006/10/14 11:29:15 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/09/30 00:26:32 | 000,229,480 | ---- | C] () -- C:\Program Files\gta_sa_processkiller.exe
[2006/03/23 13:24:10 | 000,006,399 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/12 11:23:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/16 17:25:16 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/16 16:56:59 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/16 16:41:02 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/08/18 15:46:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2002/11/13 20:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2002/09/13 16:40:06 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[color=#E56717]========== LOP Check ==========[/color]
[2008/10/17 12:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\10015
[2009/09/01 19:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/10/17 12:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\channels
[2009/11/21 10:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/05/17 16:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/03/21 19:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2010/01/28 17:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LICENSE FORD HOPE DRAW
[2007/10/13 12:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/09/24 17:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OD2
[2009/09/01 17:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2007/12/05 18:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skyline
[2006/10/14 11:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008/11/09 18:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Storm
[2007/12/16 20:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/24 17:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/09/24 17:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/12/04 20:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/10/27 08:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FRANCIS\Application Data\Leadertech
[2010/12/04 20:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FRANCIS\Application Data\LG Electronics
[2010/09/27 09:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FRANCIS\Application Data\Objectif Tarot
[2010/09/26 16:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FRANCIS\Application Data\OD2
[2010/12/04 19:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FRANCIS\Application Data\Ulead Systems
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 480 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

< End of report >
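
Added example (not part of any post in this thread, and not how OTL itself works): a short Python triage over lines excerpted from the OTL output quoted in this thread, listing the process, service and Run-key entries that deserve a closer look. The three heuristics (empty company field, autorun whose file is gone, executable sitting directly in an Application Data folder) and all function names are assumptions chosen for illustration; a match is a prompt for review, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Lines excerpted from the OTL output quoted in this thread: the first one
# comes from the helper's fix list, the others from the "Run 2" report.
SAMPLE_LOG = r"""
O4 - HKU\S-1-5-21-527554719-3489315904-3707505039-1006..\Run: [IGDXaRoyCsYol] C:\Documents and Settings\All Users\Application Data\IGDXaRoyCsYol.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\InstallPedia\lnetworker.exe ()
PRC - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe ()
SRV - (IP netservices) -- C:\Program Files\InstallPedia\service.exe ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IP Network] C:\Program Files\InstallPedia\lnetworker.exe ()
O4 - HKLM..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe ()
O4 - HKCU..\Run: [IGDXaRoyCsYol]  File not found
O4 - HKCU..\Run: [xVrkkhEDTaOX.exe]  File not found
"""

# Prefixes of the three line types handled (minimal-report layout only).
LINE = re.compile(
    r"^(?:(?P<prc>PRC) - "
    r"|(?P<srv>SRV) - \((?P<svc>[^)]*)\).*? -- "
    r"|(?P<o4>O4) - HK\S*?\.\.\\Run: \[(?P<run>[^\]]+)\]\s+)"
    r"(?P<rest>.*)$"
)
# "<path> (<company>)" as printed at the end of each entry.
TARGET = re.compile(r"^(?P<path>.+?) \((?P<company>.*)\)$")
# An .exe placed directly in an "Application Data" folder, not in a subfolder.
APPDATA_EXE = re.compile(r"\\application data\\[^\\]+\.exe$", re.IGNORECASE)


@dataclass
class Finding:
    target: str                                  # file path, or [entry name] if the file is gone
    sources: set = field(default_factory=set)    # PRC / SRV / O4
    reasons: set = field(default_factory=set)


def triage(log_text):
    """Return entries with at least one review reason, strongest first."""
    findings = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # section headers and unsupported line types are skipped
        source = m.group("prc") or m.group("srv") or m.group("o4")
        label = m.group("svc") or m.group("run") or ""
        rest = m.group("rest").strip()
        reasons = set()
        if rest == "File not found":
            # The startup entry survives although its file was removed or quarantined.
            target = f"[{label}]"
            reasons.add("target file not found")
        else:
            t = TARGET.match(rest)
            path, company = (t.group("path"), t.group("company").strip()) if t else (rest, "")
            target = path
            if not company:
                reasons.add("no company name")
            if APPDATA_EXE.search(path):
                reasons.add("executable directly under Application Data")
        if not reasons:
            continue
        # Merge the same file seen as running process, service and autorun.
        f = findings.setdefault(target.lower(), Finding(target))
        f.sources.add(source)
        f.reasons |= reasons
    return sorted(
        findings.values(),
        key=lambda f: (-len(f.reasons), -len(f.sources), f.target.lower()),
    )


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{'+'.join(sorted(f.sources)):8} {f.target}")
        for reason in sorted(f.reasons):
            print(f"         - {reason}")
```

DetectorApp.exe is listed alongside lnetworker.exe with the same single reason, which shows why an empty company field narrows the review list but cannot by itself separate unwanted software from legitimate programs.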
Re: RAM mémory usage5 is critically high

Posted on 14 Jan 2011 18:41

I'm an OTL supporter :P
We didn't go to the trouble of designing it for nothing!

You ran another OTL scan ... I asked you for a fix via OTL in my 11:00 message today, apply the procedure given!

You asked for a helper's help - OK, I'm here!
Do what I tell you ... all the procedures I give you have been tested for a long time and are perfectly effective.

As for sylvain18, whom I greet and welcome to PCI, and his procedure ... I'll simply answer that what works in one case isn't necessarily valid for another.

Go back to my 11:00 post and apply the Correction procedure!
