Abnormal CPU and RAM usage on Vista

Hello,
I have been using Windows Vista Ultimate for a short while and I have noticed that my CPU and RAM usage seems to increase over time…
Let me explain: when I turn the computer on, the CPU is at about 5% and the RAM at 30%. After several hours, even if I am not using the computer, the CPU climbs to more than 30% and the RAM to 45-50%. Sometimes it is even worse… :frowning:
I used Mandriva on my old computer, so I am not very familiar with the "normal troubles" of Windows…

My whole system is up to date; I use the free Antivir as antivirus, Spybot Search And Destroy for spyware, and the Vista firewall. I also clean up regularly with CCleaner and defragment with Auslogics DiskDefrag. I have scanned my whole computer with Antivir, Spybot and even Avast (I had uninstalled Antivir beforehand…). Finally, I have already disabled the unnecessary Vista services by following a guide on the internet…

Despite all this the problem persists: when I got up this morning the CPU was at practically 60% with only one small program running… and the temperature of the 2 cores was close to 70°C!

The strangest part is that when I restart the computer everything goes back to normal for a few hours. The only thing I have not done yet is clean the tower, but it is already very clean. If someone could at least give me a lead on what the problem might be, I would be delighted!
Thanks in advance for your replies!
-Jo

Windows Vista Ultimate
Firefox 3.0.1
All-in-wonder X1800XL
Asus digital home p5w deluxe
Intel core duo 2.4Ghz
2 GB RAM
Lian-Li case
2 x 74 GB Raptor hard drives
19-inch Acer widescreen

I don't think that is abnormal for Vista. In any case, RAM is made to be used, not left mostly idle… Better that the OS takes advantage of it to optimize how it runs! It will free it for the applications that need it when the time comes, don't worry! :wink: Probably the same for CPU usage.

As for the temperatures, on the other hand, I don't really know… But I believe 70°C is still below the worry threshold. Still, check that the fans are properly attached!

Hi,

indeed the RAM is not much of a concern; on the other hand, your CPU being constantly busy at up to 60% is strange… Have you checked in the processes which one was "eating up" the bandwidth?
As for 70°, that is a bit high; as Trit34 said, check that your processor fan is properly attached…
You have Spybot: if you have enabled the tea timer or teaser (I no longer remember the exact name), it "eats" RAM and quite a lot of resources too.

The RAM "consumption" is absolutely not a problem here.

On the other hand, it is indeed less normal to see your CPU above 50% all the time.

Check that all your drivers are up to date.
But start by looking at which process is using the CPU, by going into the Task Manager (right-click on the taskbar => Task Manager => Processes). Once you have determined which process is occupying your CPU, we can act accordingly :wink:

Hi

Maybe malware… The symptoms match…
Start by following this procedure

Good evening!
Thank you very much for your replies. I want to make clear that the CPU usage is not always at 60%… Only when the computer has been on for a long time and I am not using it, in short when my back is turned…

I checked the CPU fan and everything seems OK; I must say I know nothing about that, but anyway… And as for the drivers, everything seems up to date, the OS too. For the processes, I will wait until tomorrow morning for the CPU to go crazy again and I will post the Task Manager results…

Here are the 2 HijackThis reports:

HijackThis 1:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:30:25, on 2008-09-08
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
C:\ProgramData\Stardock\XGF\XGFRuntimeServer.exe
C:\Users\Jogiant\AppData\Local\Temp{145DBDE3-582C-418C-AE09-29E140F13519}\Sidebar Clock.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\notepad.exe
C:\Users\Jogiant\Desktop\Downloads\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe”
O4 - HKLM…\Run: [Ai Quicker Help] “C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKCU…\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKUS\S-1-5-19…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} - cart.us.vividas.com…
O17 - HKLM\System\CCS\Services\Tcpip…{6B480030-785B-4396-BDD4-0B94CC114A13}: NameServer = 64.235.193.5 64.235.193.6
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe


End of file - 5351 bytes

Hijackthis 2:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:40, on 2008-09-08
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
C:\ProgramData\Stardock\XGF\XGFRuntimeServer.exe
C:\Users\Jogiant\AppData\Local\Temp{145DBDE3-582C-418C-AE09-29E140F13519}\Sidebar Clock.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jogiant\Desktop\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe”
O4 - HKLM…\Run: [Ai Quicker Help] “C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKCU…\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKUS\S-1-5-19…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} - cart.us.vividas.com…
O17 - HKLM\System\CCS\Services\Tcpip…{6B480030-785B-4396-BDD4-0B94CC114A13}: NameServer = 64.235.193.5 64.235.193.6
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe


End of file - 5420 bytes

Thanks again for your help!
-Jo

Do you recognize this: O17 - HKLM\System\CCS\Services\Tcpip…{6B480030-785B-4396-BDD4-0B94CC114A13}: NameServer = 64.235.193.5 64.235.193.6 ?

Have you run MBAM and your antivirus in safe mode? If so, paste the reports; if not, do it.
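An added example, not part of the original thread and not HijackThis's own logic: a small Python triage of a HijackThis log that lists O17 NameServer addresses the owner does not recognize, and goes slightly beyond the question asked by also listing BHO entries with no file and processes running from a Temp folder. The `known_resolvers` argument, the finding labels and the 192.0.2.53 address are assumptions of this example; the sample lines are copied from the log posted above.

```python
import ipaddress
import re

# Excerpt of the HijackThis log posted in this thread (lines copied as posted).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
C:\Users\Jogiant\AppData\Local\Temp{145DBDE3-582C-418C-AE09-29E140F13519}\Sidebar Clock.exe
C:\Program Files\Windows Sidebar\sidebar.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip…{6B480030-785B-4396-BDD4-0B94CC114A13}: NameServer = 64.235.193.5 64.235.193.6
"""

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<value>.+)$")
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# A path component named Temp or Tmp (the forum dropped a backslash before "{").
TEMP_RE = re.compile(r"\\te?mp[\\{]", re.IGNORECASE)


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' up to the first blank line."""
    procs, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            if not line:
                break
            procs.append(line)
    return procs


def triage(log_text, known_resolvers=()):
    """Return (label, detail) findings that deserve a manual look.

    known_resolvers: DNS servers the owner expects (router, ISP, chosen
    public resolver). An address outside this set is only 'unknown', not
    proven malicious; it has to be identified before anything is removed.
    """
    known = {ipaddress.ip_address(r) for r in known_resolvers}
    findings = []

    for path in running_processes(log_text):
        if TEMP_RE.search(path):
            findings.append(("process-in-temp", path))

    for line in log_text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            # A BHO registered in the registry whose DLL no longer exists.
            if m["path"].strip().lower() == "(no file)":
                findings.append(("bho-without-file", m["clsid"]))
            continue
        m = O17_RE.match(line)
        if m:
            for token in re.split(r"[,\s]+", m["value"].strip()):
                if not token:
                    continue
                try:
                    addr = ipaddress.ip_address(token)
                except ValueError:
                    findings.append(("o17-unparseable", token))
                    continue
                if addr not in known:
                    findings.append(("o17-unknown-resolver", str(addr)))
    return findings


if __name__ == "__main__":
    # 192.0.2.53 is a documentation address standing in for the owner's real resolver.
    for label, detail in triage(SAMPLE_LOG, known_resolvers=["192.0.2.53"]):
        print(f"{label:22} {detail}")
```

An unknown resolver is answered by comparing it with what the router or ISP hands out, which is the question the post above asks.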

Good evening,
No, I don't recognize that… do you think it could be harmful? If so, how can I be sure? I don't have the Vista CD so I am hesitant to delete anything. As for the processes, it seems to be sidebar.exe that is causing the problem; it was taking 20% of the CPU when I got up. Does this process include all the gadgets I added to the sidebar, or is it only the sidebar???
I am going to uninstall all the gadgets that are not from Microsoft to see whether that fixes the problem…
Here are the scans:

Antivir (safe mode)

Avira AntiVir Personal
Report file date: 6 septembre 2008 00:13

Scanning for 1599979 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ULTIMATE

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 2008-08-12 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 2008-06-26 14:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 13:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 16:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 2008-06-24 19:54:15
ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 2008-08-31 04:11:53
ANTIVIR3.VDF : 7.0.6.124 202240 Bytes 2008-09-05 04:11:54
Engineversion : 8.1.1.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 15:58:21
AESCRIPT.DLL : 8.1.0.70 319866 Bytes 2008-09-06 04:12:02
AESCN.DLL : 8.1.0.23 119156 Bytes 2008-07-10 18:44:49
AERDL.DLL : 8.1.1.1 397683 Bytes 2008-09-06 04:12:01
AEPACK.DLL : 8.1.2.1 364917 Bytes 2008-07-15 18:58:35
AEOFFICE.DLL : 8.1.0.23 196987 Bytes 2008-09-06 04:12:00
AEHEUR.DLL : 8.1.0.51 1397111 Bytes 2008-09-06 04:11:59
AEHELP.DLL : 8.1.0.15 115063 Bytes 2008-07-10 18:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 2008-09-06 04:11:58
AEEMU.DLL : 8.1.0.7 430452 Bytes 2008-07-31 14:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 2008-09-06 04:11:56
AEBB.DLL : 8.1.0.1 53617 Bytes 2008-07-10 18:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 15:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-09-06 04:11:55
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 19:34:37

Configuration settings for the scan:
Jobname…: Complete system scan
Configuration file…: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging…: low
Primary action…: interactive
Secondary action…: ignore
Scan master boot sector…: on
Scan boot sector…: on
Boot sectors…: C:, E:,
Process scan…: on
Scan registry…: on
Search for rootkits…: off
Scan all files…: Intelligent file selection
Scan archives…: on
Recursion depth…: 20
Smart extensions…: on
Macro heuristic…: on
File heuristic…: high

Start of the scan: 6 septembre 2008 00:13

The scan of running processes will be started
Scan process ‘avscan.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avcenter.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avgnt.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avguard.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘sched.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘VSSVC.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘TrustedInstaller.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘Sidebar Clock.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘CLI.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘XGFRuntimeServer.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘AsDHRemote.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘sidebar.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘WmiPrvSE.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘unsecapp.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘CLI.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘sidebar.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘AsRc.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘taskeng.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘MSASCui.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘explorer.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘dwm.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘taskeng.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘sqlwriter.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘NMSAccessU.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘sqlservr.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘Ati2evxx.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘SLsvc.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘audiodg.exe’ - ‘0’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘Ati2evxx.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘winlogon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘lsm.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘lsass.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘services.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘csrss.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘wininit.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘csrss.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘smss.exe’ - ‘1’ Module(s) have been scanned
48 processes with 48 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector ‘C:’
[INFO] No virus was found!
Boot sector ‘E:’
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( ‘41’ files ).

Starting the file scan:

Begin scan in ‘C:’
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in ‘E:’

End of the scan: 6 septembre 2008 00:42
Used time: 28:52 Minute(s)

The scan has been done completely.

22541 Scanning directories
200898 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
200896 Files not concerned
1286 Archives were scanned
2 Warnings
0 Notes

MBAM (safe mode)

Malwarebytes’ Anti-Malware 1.27
Version de la base de données: 1134
Windows 6.0.6001 Service Pack 1

2008-09-09 22:04:56
mbam-log-2008-09-09 (22-04-56).txt

Type de recherche: Examen complet (C:|E:|)
Eléments examinés: 145417
Temps écoulé: 22 minute(s), 47 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Finally, I ran HijackThis in safe mode:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:20, on 2008-09-09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Jogiant\Desktop\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe”
O4 - HKLM…\Run: [Ai Quicker Help] “C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKCU…\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKUS\S-1-5-19…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} - cart.us.vividas.com…
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe


End of file - 4504 bytes

Thanks for your help! :slight_smile:


I posted the wrong report for Antivir... Here is the right one:

Avira AntiVir Personal
Report file date: 9 septembre 2008 21:13

Scanning for 1603796 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Save mode
Username: Jogiant
Computer name: ULTIMATE

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 2008-08-12 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 2008-06-26 14:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 13:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 16:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 2008-06-24 19:54:15
ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 2008-08-31 04:11:53
ANTIVIR3.VDF : 7.0.6.130 252928 Bytes 2008-09-08 06:01:05
Engineversion : 8.1.1.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 15:58:21
AESCRIPT.DLL : 8.1.0.70 319866 Bytes 2008-09-06 04:12:02
AESCN.DLL : 8.1.0.23 119156 Bytes 2008-07-10 18:44:49
AERDL.DLL : 8.1.1.1 397683 Bytes 2008-09-06 04:12:01
AEPACK.DLL : 8.1.2.1 364917 Bytes 2008-07-15 18:58:35
AEOFFICE.DLL : 8.1.0.23 196987 Bytes 2008-09-06 04:12:00
AEHEUR.DLL : 8.1.0.51 1397111 Bytes 2008-09-06 04:11:59
AEHELP.DLL : 8.1.0.15 115063 Bytes 2008-07-10 18:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 2008-09-06 04:11:58
AEEMU.DLL : 8.1.0.7 430452 Bytes 2008-07-31 14:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 2008-09-06 04:11:56
AEBB.DLL : 8.1.0.1 53617 Bytes 2008-07-10 18:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 15:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-09-06 04:11:55
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 19:34:37

Configuration settings for the scan:
Jobname…: Complete system scan
Configuration file…: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging…: low
Primary action…: interactive
Secondary action…: ignore
Scan master boot sector…: on
Scan boot sector…: on
Boot sectors…: C:, E:,
Process scan…: on
Scan registry…: on
Search for rootkits…: off
Scan all files…: Intelligent file selection
Scan archives…: on
Recursion depth…: 20
Smart extensions…: on
Macro heuristic…: on
File heuristic…: high

Start of the scan: 9 septembre 2008 21:13

The scan of running processes will be started
Scan process ‘avscan.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘WmiPrvSE.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘unsecapp.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avcenter.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘explorer.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘lsm.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘lsass.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘services.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘winlogon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘wininit.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘csrss.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘csrss.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘smss.exe’ - ‘1’ Module(s) have been scanned
19 processes with 19 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector ‘C:’
[INFO] No virus was found!
Boot sector ‘E:’
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( ‘45’ files ).

Starting the file scan:

Begin scan in ‘C:’
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in ‘E:’

End of the scan: 9 septembre 2008 21:40
Used time: 26:11 Minute(s)

The scan has been done completely.

22152 Scanning directories
208053 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
208051 Files not concerned
1293 Archives were scanned
2 Warnings
0 Notes

Tick this in HijackThis:[quote=""]
O17 - HKLM\System\CCS\Services\Tcpip…{6B480030-785B-4396-BDD4-0B94CC114A13}: NameServer = 64.235.193.5 64.235.193.6
[/quote]
and click Fix checked


Use DSS.exe; here is [where to find it, with a short tutorial](http://www.malekal.com/tutorial_DSS.php)

Good evening,
I removed the - HKLM… entry without any problem. However, when I tried to download the DSS.exe software I got this message:

''Deckard’s System Scanner interacts with a specific rootkit (tdssserv) in a way that may make your system unusable (altering the svchost netsvcs registry entry). This download link has been removed until a fix is released by Deckard. For your own protection, please do not attempt to download this tool from other sites.

08/17/2008

Your Geeks to Go admin team’’

Je n’ai donc pas pris de chance… est-ce qu’il y’a une alternative a ce logiciel?

-Jo

Disable your protections, run ComboFix, let it work, and paste the report :wink:

PS: DSS no longer seems to be available :wink:

Hello,
I think I've solved the problem! Yesterday I did some research on the sidebar on Google and realized that a lot of gadgets cause performance problems. So I uninstalled all the gadgets that didn't come directly from Microsoft and its partners, and I left my computer on all night… This morning the CPU was at 2-3%!!! The problem was either that or the thing you had me remove with HijackThis… Thanks a million for your help, and I hope you don't find anything else in the log… :slight_smile:

I ran the ComboFix scan anyway (just in case…)

ComboFix 08-09-10.04 - Jogiant 2008-09-11 14:52:44.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1182 [GMT -4:00]
Running from: C:\Users\Jogiant\Desktop\Downloads\ComboFix.exe

  • Created a new restore point
    .

((((((((((((((((((((((((( Files Created from 2008-08-11 to 2008-09-11 )))))))))))))))))))))))))))))))
.

2008-09-10 21:40 . 2008-09-10 21:40 d----c— C:\WPDSidebarGadget
2008-09-10 19:30 . 2008-09-10 19:30 d----c— C:\Program Files\Trend Micro
2008-09-10 06:08 . 2008-07-30 21:13 4,240,384 --a–c— C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 06:08 . 2008-08-01 21:01 625,152 --a–c— C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 06:08 . 2008-06-25 23:29 565,248 --a–c— C:\Windows\System32\emdmgmt.dll
2008-09-10 06:08 . 2008-06-25 23:29 303,616 --a–c— C:\Windows\System32\wmpeffects.dll
2008-09-10 06:08 . 2008-05-08 15:21 211,968 --a–c— C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 06:08 . 2008-05-19 22:07 148,480 --a–c— C:\Windows\System32\drivers\nwifi.sys
2008-09-10 06:08 . 2008-06-25 23:29 45,056 --a–c— C:\Windows\System32\dataclen.dll
2008-09-10 06:08 . 2008-08-01 23:26 36,864 --a–c— C:\Windows\System32\cdd.dll
2008-09-10 06:08 . 2008-07-30 23:32 28,160 --a–c— C:\Windows\System32\Apphlpdm.dll
2008-09-09 21:05 . 2008-09-09 21:05 d----c— C:\Users\Jogiant\AppData\Roaming\Malwarebytes
2008-09-09 21:05 . 2008-09-09 21:05 d----c— C:\Users\All Users\Malwarebytes
2008-09-09 21:05 . 2008-09-09 21:05 d----c— C:\ProgramData\Malwarebytes
2008-09-07 23:55 . 2008-09-07 23:55 d----c— C:\Program Files\Java
2008-09-07 23:54 . 2008-09-07 23:54 d----c— C:\Program Files\Common Files\Java
2008-09-06 19:16 . 2008-09-06 19:17 d----c— C:\Users\Jogiant\AppData\Roaming\gtk-2.0
2008-09-06 19:16 . 2008-09-06 19:16 d----c— C:\Users\Jogiant.thumbnails
2008-09-06 19:10 . 2008-09-06 19:27 d----c— C:\Users\Jogiant.gimp-2.4
2008-09-06 19:09 . 2008-09-06 19:09 d----c— C:\Program Files\GIMP-2.0
2008-09-06 18:58 . 2008-09-06 18:58 dr—c--- C:\Windows\System32\config\systemprofile\Videos
2008-09-06 18:58 . 2008-09-06 18:58 dr—c--- C:\Windows\System32\config\systemprofile\Searches
2008-09-06 18:58 . 2008-09-06 18:58 dr—c--- C:\Windows\System32\config\systemprofile\Saved Games
2008-09-06 18:58 . 2008-09-06 18:58 dr—c--- C:\Windows\System32\config\systemprofile\Pictures
2008-09-06 18:58 . 2008-09-06 18:58 dr—c--- C:\Windows\System32\config\systemprofile\Links
2008-09-06 18:58 . 2008-09-06 18:58 dr—c--- C:\Windows\System32\config\systemprofile\Downloads
2008-09-06 18:58 . 2008-09-06 18:58 dr—c--- C:\Windows\System32\config\systemprofile\Documents
2008-09-06 02:24 . 2008-09-06 02:24 d----c— C:\Program Files\SpeedFan
2008-09-06 02:24 . 2008-09-06 02:24 45 --a–c— C:\Windows\System32\initdebug.nfo
2008-09-06 00:11 . 2008-09-06 00:11 d----c— C:\Users\All Users\Avira
2008-09-06 00:11 . 2008-09-06 00:11 d----c— C:\ProgramData\Avira
2008-09-06 00:11 . 2008-09-06 00:11 d----c— C:\Program Files\Avira
2008-09-02 15:28 . 2008-09-02 15:28 d----c— C:\Program Files\PHILIPS
2008-09-02 15:28 . 2007-06-14 10:25 839,680 --a–c— C:\Windows\System32\FDRpage.dll
2008-09-02 15:28 . 2007-06-04 15:34 208,896 --a–c— C:\Windows\System32\CreateDir.exe
2008-09-02 15:28 . 2006-01-04 15:39 77,824 --a–c— C:\Windows\System32\FDRdriver.dll
2008-09-02 15:28 . 2006-01-07 11:09 7,548 --a–c— C:\Windows\System32\drivers\Samhid.sys
2008-08-30 11:03 . 2008-09-06 17:32 d----c— C:\Users\All Users\Spybot - Search & Destroy
2008-08-30 11:03 . 2008-09-06 17:32 d----c— C:\ProgramData\Spybot - Search & Destroy
2008-08-30 11:03 . 2008-08-30 11:04 d----c— C:\Program Files\Spybot - Search & Destroy
2008-08-27 15:36 . 2008-08-27 15:36 31,060,992 --a–c— C:\Windows\System32\imageres.dll
2008-08-27 11:19 . 2008-08-27 11:19 d----c— C:\Program Files\Real
2008-08-27 11:19 . 2008-08-27 11:23 d----c— C:\Program Files\Common Files\Real
2008-08-26 11:02 . 2008-08-26 11:02 d----c— C:\Users\All Users\InstallShield
2008-08-26 11:02 . 2008-08-26 11:02 d----c— C:\ProgramData\InstallShield
2008-08-25 18:45 . 2008-08-25 18:45 d----c— C:\Users\All Users\Apple
2008-08-25 18:45 . 2008-08-25 18:45 d----c— C:\ProgramData\Apple
2008-08-25 18:45 . 2008-08-25 18:45 d----c— C:\Program Files\Common Files\Apple
2008-08-25 12:59 . 2008-08-25 12:59 161,280 --a–c— C:\Windows\System32\fmod.dll
2008-08-25 11:43 . 2008-08-25 11:43 d----c— C:\Windows\Not so deep Uninstaller
2008-08-25 11:43 . 2007-10-05 23:28 1,863,673 --a–c— C:\Windows\Not so deep.swf
2008-08-25 11:43 . 2007-07-21 14:52 903,168 --a–c— C:\Windows\Not so deep.scr
2008-08-25 11:43 . 2007-07-21 14:53 495,104 --a–c— C:\Windows\Not so deep.exe
2008-08-25 11:43 . 2006-11-04 22:42 161,078 --a–c— C:\Windows\Not so deep.bmp
2008-08-25 11:43 . 2006-11-12 18:55 23,558 --a–c— C:\Windows\Not so deep.ico
2008-08-25 11:43 . 2007-10-05 23:49 666 --a–c— C:\Windows\Not so deep.c3
2008-08-25 11:43 . 2007-10-05 23:49 666 --a–c— C:\Windows\Not so deep.c1
2008-08-25 11:43 . 2006-10-24 18:06 639 --a–c— C:\Windows\Not so deep.c4
2008-08-25 11:43 . 2006-10-08 20:33 0 --a–c— C:\Windows\Not so deep.ini
2008-08-25 07:30 . 2007-06-05 11:26 567,040 --a–c— C:\Windows\System32\wbocx.ocx
2008-08-25 07:30 . 2007-06-05 11:26 56,496 --a–c— C:\Windows\System32\wbhelp2.dll
2008-08-25 03:31 . 2008-08-25 03:31 dr-h-c— C:\Users\Jogiant\AppData\Roaming\SecuROM
2008-08-25 03:31 . 2008-09-02 22:37 d----c— C:\Users\Jogiant\AppData\Roaming\Bioshock
2008-08-24 04:55 . 2008-09-03 18:49 d----c— C:\Users\Jogiant\AppData\Roaming\DVD Flick
2008-08-24 04:55 . 2000-11-05 15:27 36,864 --a–c— C:\Windows\System32\trayicon.ocx
2008-08-22 19:45 . 2008-08-22 19:45 d----c— C:\Users\Jogiant\AppData\Roaming\Microsoft Games
2008-08-22 00:48 . 2008-07-19 01:09 1,811,656 --a–c— C:\Windows\System32\wuaueng.dll
2008-08-22 00:48 . 2008-07-18 23:44 1,524,736 --a–c— C:\Windows\System32\wucltux.dll
2008-08-22 00:48 . 2008-07-19 01:09 563,912 --a–c— C:\Windows\System32\wuapi.dll
2008-08-22 00:48 . 2008-07-18 22:08 163,904 --a–c— C:\Windows\System32\wuwebv.dll
2008-08-22 00:48 . 2008-07-18 23:44 83,456 --a–c— C:\Windows\System32\wudriver.dll
2008-08-22 00:48 . 2008-07-19 01:10 53,448 --a–c— C:\Windows\System32\wuauclt.exe
2008-08-22 00:48 . 2008-07-19 01:10 45,768 --a–c— C:\Windows\System32\wups2.dll
2008-08-22 00:48 . 2008-07-19 01:10 36,552 --a–c— C:\Windows\System32\wups.dll
2008-08-22 00:48 . 2008-07-18 20:44 31,232 --a–c— C:\Windows\System32\wuapp.exe
2008-08-20 09:34 . 2008-08-20 09:34 d----c— C:\Users\Jogiant\AppData\Roaming\Canneverbe_Limited
2008-08-20 09:33 . 2008-08-20 09:34 d----c— C:\Program Files\CDBurnerXP
2008-08-20 09:05 . 2008-08-20 09:05 d----c— C:\Users\Jogiant\AppData\Roaming\DeepBurner
2008-08-19 05:39 . 2008-08-19 05:39 d----c— C:\Users\Jogiant\AppData\Roaming\Apple Computer
2008-08-18 18:34 . 2008-08-18 18:34 d----c— C:\Users\Jogiant\AppData\Roaming\Sonic
2008-08-18 18:21 . 2008-09-03 22:36 23 --a–c— C:\Windows\BlendSettings.ini
2008-08-18 14:02 . 2008-08-18 14:02 d----c— C:\Program Files\Bethesda Softworks
2008-08-16 21:38 . 2008-08-24 04:59 d----c— C:\Users\Jogiant\AppData\Roaming\Roxio
2008-08-16 20:57 . 2008-08-16 20:57 d----c— C:\Users\Jogiant\AppData\Roaming\Auslogics
2008-08-16 20:57 . 2008-08-16 20:57 d----c— C:\Program Files\Auslogics
2008-08-16 20:46 . 2008-08-26 13:33 d----c— C:\Users\Jogiant\AppData\Roaming\mIRC
2008-08-16 20:46 . 2008-08-16 20:46 d----c— C:\Program Files\mIRC
2008-08-16 05:28 . 2008-08-29 16:27 d----c— C:\Users\Jogiant\Downloads
2008-08-16 04:12 . 2008-08-16 04:12 d----c— C:\Program Files\DAEMON Tools Lite
2008-08-16 04:06 . 2008-08-16 04:06 d----c— C:\Users\Jogiant\AppData\Roaming\DAEMON Tools
2008-08-16 04:06 . 2008-08-16 04:06 717,296 --a–c— C:\Windows\System32\drivers\sptd.sys
2008-08-16 02:33 . 2008-09-03 16:43 d----c— C:\Users\Jogiant\AppData\Roaming\dvdcss
2008-08-16 01:34 . 2008-08-16 01:34 0 --ah-c— C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-08-16 00:13 . 2008-02-28 13:26 1,414,440 --a–c— C:\Windows\System32\ShellManager310E2D762.dll
2008-08-16 00:13 . 2008-02-28 13:01 774,144 --a–c— C:\Windows\System32\NEROINSTAEC43759.DB
2008-08-16 00:12 . 2008-08-16 00:12 0 --a–c— C:\Windows\Irremote.ini
2008-08-16 00:04 . 2008-08-16 04:53 2,560 --a–c— C:\Windows_MSRSTRT.EXE
2008-08-15 23:26 . 2008-08-24 05:02 d----c— C:\Program Files\DVD Flick
2008-08-15 23:26 . 2004-03-09 00:00 662,288 --a–c— C:\Windows\System32\mscomct2.ocx
2008-08-15 23:26 . 2000-05-19 17:56 81,920 --a–c— C:\Windows\System32\mbmouse.ocx
2008-08-15 23:26 . 2007-08-31 18:36 36,864 --a–c— C:\Windows\System32\trayicon_handler.ocx
2008-08-15 23:23 . 2008-08-15 23:57 d----c— C:\Users\Jogiant\AppData\Roaming\DivX
2008-08-15 23:20 . 2008-08-15 23:20 d----c— C:\Users\Jogiant\AppData\Roaming\vlc
2008-08-15 22:59 . 2008-09-10 03:44 d----c— C:\Users\Jogiant\dwhelper
2008-08-15 22:35 . 2008-09-10 08:23 d----c— C:\Users\Jogiant\AppData\Roaming\uTorrent
2008-08-15 21:52 . 2008-08-16 00:06 dr—c--- C:\Users\Jogiant\Videos
2008-08-15 21:52 . 2008-08-15 21:52 dr—c--- C:\Users\Jogiant\Searches
2008-08-15 21:52 . 2008-08-18 06:18 dr—c--- C:\Users\Jogiant\Saved Games
2008-08-15 21:52 . 2008-09-06 18:46 dr—c--- C:\Users\Jogiant\Pictures
2008-08-15 21:52 . 2008-08-25 07:12 dr—c--- C:\Users\Jogiant\Music
2008-08-15 21:52 . 2008-08-15 23:19 dr—c--- C:\Users\Jogiant\Links
2008-08-15 21:52 . 2008-09-08 21:44 dr—c--- C:\Users\Jogiant\Documents
2008-08-15 21:52 . 2008-08-15 23:04 dr—c--- C:\Users\Jogiant\Contacts
2008-08-15 21:52 . 2008-08-15 21:52 d----c— C:\Users\Jogiant\AppData\Roaming\Nero
2008-08-15 21:52 . 2006-11-02 08:35 d----c— C:\Users\Jogiant\AppData\Roaming\Media Center Programs
2008-08-15 21:52 . 2008-08-15 21:52 d----c— C:\Users\Jogiant\AppData\Roaming\ATI
2008-08-15 21:52 . 2008-08-15 21:52 d–h-c— C:\Users\Jogiant\AppData
2008-08-15 21:51 . 2008-09-11 00:44 d----c— C:\Users\Jogiant
2008-08-15 20:07 . 2008-09-03 19:08 d----c— C:\Program Files\PokerStars
2008-08-15 19:47 . 2008-08-25 07:30 d----c— C:\Users\All Users\Stardock
2008-08-15 19:47 . 2008-08-25 07:30 d----c— C:\ProgramData\Stardock
2008-08-15 19:09 . 2008-05-27 00:59 106,605 --a–c— C:\Windows\System32\StructuredQuerySchema.bin
2008-08-15 19:09 . 2008-05-27 01:17 34,816 --a–c— C:\Windows\System32\msscb.dll
2008-08-15 19:09 . 2008-05-27 00:59 18,904 --a–c— C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-08-15 19:09 . 2008-05-27 01:17 11,776 --a–c— C:\Windows\System32\msshooks.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-10 12:25 --------- dc----w C:\ProgramData\Microsoft Help
2008-09-10 02:42 --------- dc----w C:\Program Files\Microsoft SQL Server
2008-09-06 23:08 --------- dc----w C:\Program Files\Common Files\Adobe
2008-09-06 23:05 --------- dc----w C:\Program Files\Sonic
2008-09-06 23:05 --------- dc----w C:\Program Files\Common Files\Roxio Shared
2008-08-30 17:48 --------- dc-h–w C:\Program Files\InstallShield Installation Information
2008-08-26 17:34 --------- dc----w C:\ProgramData\Skype
2008-08-26 14:57 --------- dc----w C:\Program Files\Common Files\InstallShield
2008-08-16 04:22 --------- dc----w C:\Program Files\Common Files\LogiShrd
2008-08-16 04:19 --------- dc----w C:\ProgramData\Logishrd
2008-08-16 04:14 --------- dc----w C:\ProgramData\Nero
2008-08-16 04:14 --------- dc----w C:\Program Files\Common Files\Nero
2008-08-16 02:37 --------- dc----w C:\ProgramData\LightScribe
2008-08-15 18:00 --------- dc----w C:\Program Files\Windows Mail
2008-07-31 03:32 460,288 -c–a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 -c–a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 -c–a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-18 23:32 0 -c-ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-07-04 07:37 421,888 -c–a-w C:\Windows\System32\ATIDEMGX.dll
2008-07-04 07:37 331,776 -c–a-w C:\Windows\System32\atipdlxx.dll
2008-07-04 07:37 266,240 -c–a-w C:\Windows\System32\Oemdspif.dll
2008-07-04 07:37 159,744 -c–a-w C:\Windows\System32\atitmmxx.dll
2008-07-04 07:36 43,520 -c–a-w C:\Windows\System32\ati2edxx.dll
2008-07-04 07:36 270,336 -c–a-w C:\Windows\System32\Ati2evxx.dll
2008-07-04 07:35 692,224 -c–a-w C:\Windows\System32\Ati2evxx.exe
2008-07-04 07:21 3,691,008 -c–a-w C:\Windows\System32\atiumdag.dll
2008-07-04 07:03 4,427,264 -c–a-w C:\Windows\System32\atiumdva.dll
2008-07-04 06:52 9,306,112 -c–a-w C:\Windows\System32\atioglxx.dll
2008-07-04 06:50 50,688 -c–a-w C:\Windows\System32\amdpcom32.dll
2008-07-04 06:50 42,496 -c–a-w C:\Windows\System32\atiadlxx.dll
2008-06-28 04:13 174 --sha-w C:\Program Files\desktop.ini
2008-06-28 03:55 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-28 03:55 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-27 23:10 47,560 -c–a-w C:\Windows\System32\SPReview.exe
2008-06-27 23:10 152,576 -c–a-w C:\Windows\System32\SPWizUI.dll
2008-06-26 03:29 801,280 -c–a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 -c–a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 -c–a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-12 05:28 541,696 -c–a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-04 22:56 56 -c-ha-w C:\Users\All Users\ezsidmv.dat
2008-05-04 22:56 56 -c-ha-w C:\ProgramData\ezsidmv.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe” [2008-01-18 1233920]
“msnmsgr”=“C:\Program Files\Windows Live\Messenger\msnmsgr.exe” [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ATICCC”=“C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe” [2006-07-11 90112]
“Ai Quicker Help”=“C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe” [2006-11-09 3165696]
“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-01-11 39792]
“avgnt”=“C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” [2008-06-12 266497]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe” [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableUIADesktopToggle”= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“msacm.l3acm”= l3codecp.acm
“msacm.g723”= g723.acm
“vidc.I263”= I263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
–a--c— 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
–a--c— 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
“TCP Query User{56576949-A9D8-48B4-B8E2-6DF936BFDDF8}C:\program files\msn messenger\msnmsgr.exe”= UDP:C:\program files\msn messenger\msnmsgr.exe:Messenger
“UDP Query User{EF147B68-51A0-41FA-BBBA-438322AF76C7}C:\program files\msn messenger\msnmsgr.exe”= TCP:C:\program files\msn messenger\msnmsgr.exe:Messenger
“{C0F2DE6C-BAAC-4BD8-AAE3-23E40BE5AD43}”= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
“{F4B6C4A6-9F46-400C-B58A-8C1EF41973AE}”= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
“{F22F98C6-92BE-486F-B7EA-2BD0B0D280F1}”= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
“TCP Query User{4B7C8D58-6C92-4BBF-9521-6454EBB4ED0F}C:\program files\internet explorer\iexplore.exe”= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
“UDP Query User{D879DC28-9B01-47CA-9DEE-0F69F9D853C3}C:\program files\internet explorer\iexplore.exe”= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
“TCP Query User{35ABF548-F09D-490C-941F-0435F82EC365}C:\program files\macromedia\dreamweaver 8\dreamweaver.exe”= UDP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
“UDP Query User{A82F0132-070A-4619-8498-C9945170D5CA}C:\program files\macromedia\dreamweaver 8\dreamweaver.exe”= TCP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
“TCP Query User{47CF3954-0C1B-414F-9E50-41679C9DB3C9}C:\program files\microsoft visual studio 8\common7\ide\vwdexpress.exe”= UDP:C:\program files\microsoft visual studio 8\common7\ide\vwdexpress.exe:Microsoft Visual Web Developer 2005 Express Edition
“UDP Query User{EE196AA2-3871-4436-B7C3-1EED21EF9940}C:\program files\microsoft visual studio 8\common7\ide\vwdexpress.exe”= TCP:C:\program files\microsoft visual studio 8\common7\ide\vwdexpress.exe:Microsoft Visual Web Developer 2005 Express Edition
“TCP Query User{4C6E1EBA-0B9C-43EA-A6BD-AAEDFF194708}C:\program files\azureus\azureus.exe”= UDP:C:\program files\azureus\azureus.exe:Azureus
“UDP Query User{26F40C72-97B8-437B-B253-FD796B7E6A26}C:\program files\azureus\azureus.exe”= TCP:C:\program files\azureus\azureus.exe:Azureus
“{843C15B6-56BF-40EC-95CD-D272743FE7BE}”= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
“{2AC4894E-1B7F-40B8-B54C-1E423014C8C2}”= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
“{99BAF276-ADB2-49D5-AA2A-77F05C41CFF6}”= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
“{E846F9E2-BDA7-410B-B2CE-9FEAE35886E8}”= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
“TCP Query User{32DA94A4-B517-42A0-9649-68179A62B740}C:\program files\windows sidebar\sidebar.exe”= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
“UDP Query User{1A09B661-B696-4C70-AE2A-D89AB73822FE}C:\program files\windows sidebar\sidebar.exe”= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
“{A103E7FE-81AD-4157-826D-AE1850337206}”= UDP:C:\Program Files\DNA\btdna.exe:DNA
“{6BC4DB81-615E-46E4-A486-E60FFAD80B10}”= TCP:C:\Program Files\DNA\btdna.exe:DNA
“TCP Query User{7F524067-5615-4F96-BB77-00772AAB3021}C:\program files\mozilla firefox\firefox.exe”= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
“UDP Query User{E38D39D1-4B59-4294-B53A-FF8BAC1AB134}C:\program files\mozilla firefox\firefox.exe”= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

R1 Cinemsup;Cinemsup;C:\Windows\system32\drivers\Cinemsup.sys [2003-12-19 6656]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-07-04 3847168]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2007-11-19 288256]
R3 samhid;samhid;C:\Windows\system32\drivers\samhid.sys [2006-01-07 7548]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2007-11-19 288256]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys [2005-06-20 215040]
S4 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-04-15 71096]

Newly Created Service - CATCHME
Newly Created Service - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contents of the ‘Scheduled Tasks’ folder
.

        • ORPHANS REMOVED - - - -

MSConfigStartUp-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
MSConfigStartUp-amd_dc_opt - C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSConfigStartUp-iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe
MSConfigStartUp-LightScribe Control Panel - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
MSConfigStartUp-RoxioDragToDisc - C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Jogiant\AppData\Roaming\Mozilla\Firefox\Profiles[u]0[/u]ivspsvg.default
.


catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-09-11 14:54:45
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …


.
Completion time: 2008-09-11 14:56:56
ComboFix-quarantined-files.txt 2008-09-11 18:55:53

Pre-Run: 26,944,798,720 bytes free
Post-Run: 27,672,231,936 bytes free

264 — E O F — 2008-09-10 12:26:15

Upload these files to VirusTotal and paste the report

Good evening,
is there a better way than scanning the files one by one??? Because I just scanned one, and the way things are going it's going to take me at least 3 hours (which I don't have), and you're going to end up with something like 8 pages of log…

No, but if you open several pages you can submit several at the same time :wink:

You only need to post the link to the analysis report :wink:

Hello,
here's the work! The ??? mean that it doesn't exist; anyway, I didn't find it, and it's not for lack of looking!

C:\Windows\System32\emdmgmt.dll — http://www.virustotal.com/fr/analisis/079e81cb141ec418e647912b3cea491c
C:\Windows\System32\dataclen.dll — www.virustotal.com…
C:\Windows\System32\FDRpage.dll — www.virustotal.com…
C:\Windows\System32\CreateDir.exe — www.virustotal.com…
C:\Windows\System32\FDRdriver.dll www.virustotal.com…
C:\Windows\System32\drivers\Samhid.sys www.virustotal.com…
C:\Windows\System32\fmod.dll www.virustotal.com…

C:\Windows\Not so deep.swf The Not so deep stuff was a screensaver; I uninstalled it and deleted the files.
C:\Windows\Not so deep.scr
C:\Windows\Not so deep.exe
C:\Windows\Not so deep.c3
C:\Windows\Not so deep.c1
C:\Windows\Not so deep.c4
C:\Windows\Not so deep.ini

C:\Windows\System32\trayicon.ocx www.virustotal.com…
C:\Windows\BlendSettings.ini www.virustotal.com…
C:\Windows\System32\ShellManager310E2D762.dll www.virustotal.com…
C:\Windows\System32\NEROINSTAEC43759.DB www.virustotal.com…
C:\Windows\System32\mbmouse.ocx www.virustotal.com…
C:\Windows\System32\trayicon_handler.ocx www.virustotal.com…
C:\Windows\System32\StructuredQuerySchema.bin www.virustotal.com…
C:\Windows\System32\StructuredQuerySchemaTrivial.bin www.virustotal.com…
C:\Windows\System32\atitmmxx.dll www.virustotal.com…
C:\Windows\System32\atiadlxx.dll www.virustotal.com…
C:\Windows\System32\SPReview.exe www.virustotal.com…
C:\Windows\System32\SPWizUI.dll www.virustotal.com…
C:\Users\All Users\ezsidmv.dat ???
C:\ProgramData\ezsidmv.dat ???

That URL isn't right :wink:

Run online scans with Housecall and [bitdefender](http://www.bitdefender.fr/scan_fr/scan8/ie.html)