Virus csrss.exe

gringozor62 Messages postés 11 Statut Membre -  
 Utilisateur anonyme -
Bonjour à tous,

Etant un mauvais utilisateur de mon ordinateur me voilà avec des programmes plus que bizarre ! alors lorsque je fais ctrl/alt/suppr j'observe certains programmes "suspect" je nettoie régulièrement ma machine avec ccleaner et je viens de faire un scan avec spybot et rien n'a faire ! ces programmes sont toujours présent les voici.
csrss.exe
winlogon.exe
atieclxx.exe

Je vous colle un rapport hijackthis Ps: Je suis très curieux de savoir comment vous faite pour détecter des virus à partir de ce genre de rapport. Vous pouvez m'expliquer ?

Merci d'avance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:01:16, on 06/11/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Vanbellingen\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/3
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10104 bytes

12 réponses

  1. Utilisateur anonyme
     
    bonjour,
    les nouvelles infections patchent les fichiers légitimes de windows,
    donc les liens que tu as mis ici correspondent aux fichiers sains, avec un MD5 bien défini !!!

    le nom du fichier tout court ne veut rien dire !!!

    O.o°*??? Membre, Contributeur Sécurité CCM o°.Oø¤º°'°º¤ø
    1
    1. Utilisateur anonyme
       
      Ah ok alors sorry pour ma réponse, je ne pensai pas qu'ils arrivaient a patcher des fichiers systeme qui sont normalement bloquer par microsoft.
      0
    2. gringozor62 Messages postés 11 Statut Membre
       
      Merci et comment je peux faire alors pour savoir s'il sont sain ou malsain ? Désolé je suis un néophyte en informatique.
      0
  2. Utilisateur anonyme
     
    tu es sous seven, reste à voir e 32 bit ou 64 bit,

    * Télécharge ZHPDiag sur ton bureau :

    https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/
    ou :
    http://www.premiumorange.com/zeb-help-process/zhpdiag.html
    ou :
    https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

    * Laisse toi guider lors de l'installation, il se lancera automatiquement à la fin.

    /!\Utilisateur de Vista et Seven : Clique droit sur le logo de ZHPdiag, « exécuter en tant qu'Administrateur »

    * Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)
    * Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
    * Héberge le rapport ZHPDiag.txt sur Cijoint, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum :
    http://www.cijoint.fr/
    ou :
    http://ww38.toofiles.com/fr/documents-upload.html

    tuto zhpdiag :
    http://www.premiumorange.com/zeb-help-process/zhpdiag.html
    1
    1. gringozor62 Messages postés 11 Statut Membre
       
      je suis sur 64 bits
      0
    2. gringozor62 Messages postés 11 Statut Membre
       
      Lorsque je souhaite executer le programme, il écrit :
      Impossible d'exécuter le programme,
      C:/Program Files (x86)/ZHPDiag/ZHPDiag.exe
      create process a échoué ; code 740
      L'opération demandée nécessite une évaluation
      0
    3. gringozor62 Messages postés 11 Statut Membre
       
      ha non c'est bon j'y arrive attend un peu
      0
  3. gringozor62 Messages postés 11 Statut Membre
     
    De plus, j'ai actuellement norton qui va bientôt arriver à expiration. Il me demande d'acheter un abonnement, vous pensez que ça vaut le cout d'avoir un anti-virus payant ou bien c'est gaspiller de l'argent ? Avast edition familial ne suffit-il pas ?
    0
  4. Utilisateur anonyme
     
    /!\Utilisateur de Vista et Seven : Clique droit sur le logo de ZHPdiag, « exécuter en tant qu'Administrateur »
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. gringozor62 Messages postés 11 Statut Membre
     
    Avec beaucoup de mal mais je pense avoir fait ce que tu me demmandais.
    Merci beaucoup !

    http://www.cijoint.fr/cjlink.php?file=cj201011/cijrm711uY.txt
    0
  7. Utilisateur anonyme
     
    tu est sous seven 64 bit !

    norton en antivirus,

    désinstalle spybot, il est inutile !!!

    pas d'infectiions visibles sur ton rapport,

    mais pour en être sure :

    cherche le chemin d'accès à ces fichiers :

    csrss.exe
    winlogon.exe
    explorer.exe

    fais les analyer un par un sur ce site :

    Rends toi sur ce site :
    https://www.virustotal.com/gui/
    clique sur parcourir et cherche ce fichier :

    (chemin d'accès du fichier)

    clique sur send file
    un rappoort va s-élaborer ligne à ligne
    attends un peu, il doit comprendre la taille du fichier envoyé
    une fois le rapport complet, copie et colle le lien du rapport sur ton prochain mesage.
    Merci

    0
  8. gringozor62 Messages postés 11 Statut Membre
     
    pour explorer.exe
    File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
    MD5: 9aaaec8dac27aa17b053e6352ad233ae
    Date first seen: 2010-01-11 14:55:23 (UTC)
    Date last seen: 2010-11-06 07:54:24 (UTC)
    Detection ratio: 0/43

    What do you wish to do?

    Antivirus Version Last Update Result
    AhnLab-V3 2010.11.06.00 2010.11.06 -
    AntiVir 7.10.13.145 2010.11.05 -
    Antiy-AVL 2.0.3.7 2010.11.06 -
    Authentium 5.2.0.5 2010.11.05 -
    Avast 4.8.1351.0 2010.11.06 -
    Avast5 5.0.594.0 2010.11.06 -
    AVG 9.0.0.851 2010.11.06 -
    BitDefender 7.2 2010.11.06 -
    CAT-QuickHeal 11.00 2010.11.04 -
    ClamAV 0.96.2.0-git 2010.11.06 -
    Comodo 6628 2010.11.06 -
    DrWeb 5.0.2.03300 2010.11.06 -
    Emsisoft 5.0.0.50 2010.11.06 -
    eSafe 7.0.17.0 2010.11.04 -
    eTrust-Vet 36.1.7958 2010.11.05 -
    F-Prot 4.6.2.117 2010.11.05 -
    F-Secure 9.0.16160.0 2010.11.06 -
    Fortinet 4.2.249.0 2010.11.06 -
    GData 21 2010.11.06 -
    Ikarus T3.1.1.90.0 2010.11.06 -
    Jiangmin 13.0.900 2010.11.06 -
    K7AntiVirus 9.67.2903 2010.11.03 -
    Kaspersky 7.0.0.125 2010.11.06 -
    McAfee 5.400.0.1158 2010.11.06 -
    McAfee-GW-Edition 2010.1C 2010.11.05 -
    Microsoft 1.6301 2010.11.06 -
    NOD32 5597 2010.11.06 -
    Norman 6.06.10 2010.11.06 -
    nProtect 2010-11-06.01 2010.11.06 -
    Panda 10.0.2.7 2010.11.06 -
    PCTools 7.0.3.5 2010.11.06 -
    Prevx 3.0 2010.11.06 -
    Rising 22.72.04.00 2010.11.06 -
    Sophos 4.59.0 2010.11.06 -
    Sunbelt 7234 2010.11.06 -
    SUPERAntiSpyware 4.40.0.1006 2010.11.06 -
    Symantec 20101.2.0.161 2010.11.06 -
    TheHacker 6.7.0.1.076 2010.11.05 -
    TrendMicro 9.120.0.1004 2010.11.06 -
    TrendMicro-HouseCall 9.120.0.1004 2010.11.06 -
    VBA32 3.12.14.1 2010.11.05 -
    ViRobot 2010.10.4.4074 2010.11.06 -
    VirusBuster 12.71.7.0 2010.11.05 -
    Additional information
    Show all
    MD5 : 9aaaec8dac27aa17b053e6352ad233ae
    SHA1 : 0f841176602288ee1be832573265f88ca78f4ba7
    SHA256: 2d5173acf0bd6ac49670f7c83fd79af552ba9d989de8ba557459191c08a8a1af
    ssdeep: 49152:En4AcISFxyx5PxlPtBC6g17vYYYYYYYYYYYRYYYYYYYYYYE3iA7/eFUJN9ojoso6:E4AT
    jYvYYYYYYYYYYYRYYYYYYYYYYE3O
    File size : 2870272 bytes
    First seen: 2010-01-11 14:55:23
    Last seen : 2010-11-06 16:16:21
    Magic: PE32+ executable for MS Windows (GUI) Mono/.Net assembly
    TrID:
    Win64 Executable Generic (95.5%)
    Generic Win/DOS Executable (2.2%)
    DOS Executable Generic (2.2%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    sigcheck:
    publisher....: Microsoft Corporation
    copyright....: (c) Microsoft Corporation. All rights reserved.
    product......: Microsoft_ Windows_ Operating System
    description..: Windows Explorer
    original name: EXPLORER.EXE
    internal name: explorer
    file version.: 6.1.7600.16450 (win7_gdr.091030-1504)
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    PEiD: -
    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x2C138
    timedatestamp....: 0x4AEBAB8D (Sat Oct 31 03:14:21 2009)
    machinetype......: 0x8664

    [[ 6 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x1000, 0xB79E9, 0xB7A00, 6.32, 94607f5cea50bb5d1a7b2d25137a96b3
    .rdata, 0xB9000, 0x2EA74, 0x2EC00, 3.91, 3d671428ae02bdefcf61935e382eca08
    .data, 0xE8000, 0x3ED4, 0x3A00, 0.85, 92b3e18ae383403ea3eaf50a2624851e
    .pdata, 0xEC000, 0xCC84, 0xCE00, 6.01, 8da6f0fc9290daafcd68f0f5a4a7042f
    .rsrc, 0xF9000, 0x1C2E80, 0x1C3000, 5.52, b4a3c49026c105984586ce6839127d94
    .reloc, 0x2BC000, 0x2654, 0x2800, 5.4, 7c190c6e05cf140be655ffefd35bd491

    [[ 19 import(s) ]]
    advapi32.dll: RegCreateKeyW, RegCloseKey, RegOpenKeyExW, RegGetValueW, EventWrite, EventEnabled, GetTraceLoggerHandle, GetTraceEnableLevel, GetTraceEnableFlags, RegisterTraceGuidsW, UnregisterTraceGuids, RegQueryValueExW, GetLengthSid, GetTokenInformation, OpenProcessToken, RegCreateKeyExW, RegSetValueExW, EventRegister, EventUnregister, TraceMessage, RegOpenKeyW, RegDeleteValueW, RegQueryInfoKeyW, RegEnumValueW, LsaOpenPolicy, GetSidSubAuthorityCount, LsaClose, IsValidSid, LsaFreeMemory, StartTraceW, EnableTraceEx, StopTraceW, CryptAcquireContextW, CryptCreateHash, CryptHashData, CryptGetHashParam, CryptDestroyHash, CryptReleaseContext, StartServiceW, CreateWellKnownSid, RegEnumKeyExW, GetSidSubAuthority, LsaLookupSids, ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, CheckTokenMembership, QueryServiceStatus, OpenSCManagerW, OpenServiceW, CloseServiceHandle, ConvertStringSidToSidW, OpenThreadToken
    dwmapi.dll: -, -, DwmEnableBlurBehindWindow, DwmSetWindowAttribute, DwmIsCompositionEnabled, DwmQueryThumbnailSourceSize, -, DwmUpdateThumbnailProperties, DwmUnregisterThumbnail, -, -
    explorerframe.dll: -, -
    gdi32.dll: LPtoDP, GetRgnBox, OffsetViewportOrgEx, GetStockObject, GdiFlush, CombineRgn, OffsetRgn, SetLayout, SetWindowOrgEx, StretchBlt, GetTextExtentPoint32W, CreatePen, Polyline, GetRegionData, GetTextColor, GetLayout, GetTextMetricsW, ExtCreateRegion, SetDIBits, SelectClipRgn, SetViewportOrgEx, GetViewportOrgEx, IntersectClipRect, GetClipRgn, CreateRectRgn, GetBkColor, PatBlt, CreateBitmap, SetBkMode, SetTextColor, SetBkColor, OffsetWindowOrgEx, CreateCompatibleBitmap, GetTextExtentPointW, GetClipBox, GetObjectW, GdiAlphaBlend, BitBlt, GetDeviceCaps, CreateFontIndirectW, CreateRectRgnIndirect, CreateCompatibleDC, CreateDIBSection, SelectObject, DeleteObject, DeleteDC, ExtTextOutW
    gdiplus.dll: GdipSetInterpolationMode, GdipDrawImageRectI, GdipCloneImage, GdipGetImageWidth, GdipGetImageHeight, GdipCreateBitmapFromHBITMAP, GdiplusStartup, GdiplusShutdown, GdipFree, GdipAlloc, GdipDisposeImage, GdipCreateFromHDC, GdipDeleteGraphics, GdipSetCompositingMode
    kernel32.dll: DelayLoadFailureHook, LoadLibraryExA, ReadFile, GetFileSize, CreateFileW, FlushInstructionCache, RaiseException, SetLastError, OpenThread, GetSystemTimeAsFileTime, GetLocaleInfoW, GetDateFormatW, GetTimeFormatW, GetLocalTime, MultiByteToWideChar, GetCurrentThreadId, GetCurrentProcessId, GetModuleHandleW, OpenEventW, InterlockedPopEntrySList, FindClose, FindNextFileW, GetLongPathNameW, SetProcessShutdownParameters, GetStartupInfoW, ReleaseMutex, CreateMutexW, InitializeCriticalSection, DeleteCriticalSection, VirtualAlloc, InterlockedPushEntrySList, SetUnhandledExceptionFilter, QueryPerformanceCounter, TerminateProcess, UnhandledExceptionFilter, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, VirtualFree, lstrcmpiW, CompareStringOrdinal, FindFirstFileW, SetErrorMode, CreateEventW, GetSystemDirectoryW, GetVersionExW, FreeLibrary, GetProcAddress, LoadLibraryW, GetUserDefaultUILanguage, WaitForSingleObject, SetTermsrvAppInstallMode, GetFileAttributesW, RegisterApplicationRestart, GlobalGetAtomNameW, ExpandEnvironmentStringsW, SystemTimeToFileTime, GetSystemTime, MulDiv, GetTickCount64, GetThreadPriority, LeaveCriticalSection, EnterCriticalSection, SetEvent, GetCurrentThread, SetThreadPriority, GetTickCount, GetUserDefaultLangID, ExitProcess, HeapDestroy, UnmapViewOfFile, MapViewOfFile, SearchPathW, GetDynamicTimeZoneInformation, GetTimeZoneInformation, GetBinaryTypeW, QueryPerformanceFrequency, QueueUserWorkItem, LoadLibraryExW, GetProductInfo, TerminateThread, CreateIoCompletionPort, GetQueuedCompletionStatus, LoadLibraryA, DeleteFileW, GetProcessId, GetModuleHandleA, GetWindowsDirectoryW, CompareStringW, lstrcmpA, CompareFileTime, QueryFullProcessImageNameW, CreateFileMappingW, ResetEvent, WideCharToMultiByte, GlobalFree, DuplicateHandle, GetCurrentDirectoryW, WaitForMultipleObjects, GetComputerNameW, GlobalLock, GlobalUnlock, GlobalAlloc, lstrlenA, DeactivateActCtx, ActivateActCtx, ReleaseActCtx, CreateActCtxW, LockResource, LoadResource, FindResourceExW, HeapAlloc, HeapFree, GetProcessHeap, GetCurrentProcess, GetCommandLineW, GetPrivateProfileStringW, GetModuleFileNameW, CreateProcessW, lstrlenW, OpenProcess, LocalFree, LocalAlloc, QueryInformationJobObject, Sleep, CreateThread, SetPriorityClass, GetPriorityClass, ResumeThread, AssignProcessToJobObject, SetInformationJobObject, GetLastError, CreateJobObjectW, CloseHandle
    msvcrt.dll: _vsnwprintf, free, wcsstr, iswalpha, wcschr, realloc, _wcsicmp, cosf, _wtoi, memcmp, sqrt, ceil, bsearch, __wgetmainargs, __C_specific_handler, _XcptFilter, _exit, _cexit, exit, _wcmdln, _initterm, _amsg_exit, __setusermatherr, _commode, _terminate@@YAXXZ, _onexit, _lock, __dllonexit, _unlock, __set_app_type, memmove, memcpy, memset, _fmode, malloc, sin
    ntdll.dll: WinSqmSetString, WinSqmSetDWORD, WinSqmAddToStreamEx, NtSetSystemInformation, WinSqmAddToStream, WinSqmEventEnabled, WinSqmIsOptedIn, NtSetInformationProcess, NtQueryInformationToken, NtOpenProcessToken, NtClose, NtOpenThreadToken, RtlGetProductInfo, EtwEventEnabled, EtwEventWrite, NtQueryInformationProcess
    ole32.dll: CoInitializeEx, CLSIDFromString, CoGetMalloc, CoGetInterfaceAndReleaseStream, RevokeDragDrop, RegisterDragDrop, CoUninitialize, CoInitialize, CoMarshalInterThreadInterfaceInStream, CoFreeUnusedLibraries, CoRegisterMessageFilter, StringFromGUID2, OleUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoCreateInstance, CoTaskMemFree, CreateStreamOnHGlobal, ReleaseStgMedium, PropVariantClear, CreateBindCtx, CoTaskMemAlloc, CoCreateFreeThreadedMarshaler
    oleaut32.dll: -, -, -, -, -, -
    powrprof.dll: CallNtPowerInformation, PowerDeterminePlatformRole, GetPwrCapabilities
    propsys.dll: PSCreateMemoryPropertyStore, VariantToStringAlloc, VariantToStringWithDefault, PropVariantToString, VariantToBooleanWithDefault, PropVariantToInt64, VariantToInt32WithDefault, PropVariantToBoolean, PropVariantToUInt64, PropVariantToUInt32, PropVariantToStringAlloc
    rpcrt4.dll: NdrClientCall3, I_RpcExceptionFilter, RpcStringFreeW, RpcBindingFree, RpcBindingSetAuthInfoExW, RpcStringBindingComposeW, RpcBindingFromStringBindingW
    secur32.dll: GetUserNameExW
    shell32.dll: -, -, -, SHCreateDataObject, SHGetLocalizedName, -, -, -, -, -, -, Shell_GetCachedImageIndexW, -, -, -, -, -, -, SHGetStockIconInfo, -, -, SHGetPropertyStoreForWindow, -, -, -, -, -, -, SHGetSpecialFolderLocation, SHCreateItemWithParent, SHBindToFolderIDListParent, SHBindToFolderIDListParentEx, -, SHChangeNotify, -, -, SHGetFileInfoW, -, -, -, SHParseDisplayName, -, -, SHGetFolderLocation, -, SHGetSpecialFolderPathW, SHBindToObject, -, -, -, -, -, -, SHGetKnownFolderIDList, ShellExecuteExW, -, -, -, -, SHGetNameFromIDList, -, SHCreateShellItem, -, -, -, -, SHChangeNotifyRegisterThread, -, -, -, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, SHFileOperationW, SHGetFolderPathEx, SHUpdateRecycleBinIcon, -, -, -, -, SHBindToParent, SHGetFolderPathW, SHGetPathFromIDListA, ShellExecuteW, SHEnableServiceObject, -, -, -, -, SHGetIDListFromObject, -, SHCreateItemFromIDList, -, SHAddToRecentDocs, Shell_NotifyIconW, Shell_NotifyIconGetRect, ExtractIconExW, SHEvaluateSystemCommandTemplate, -, SHCreateShellItemArrayFromIDLists, -, -, DragQueryFileW, SHGetKnownFolderPath, SHCreateShellItemArrayFromShellItem, SHCreateItemFromParsingName, -
    shlwapi.dll: StrStrIW, -, -, AssocQueryStringW, PathQuoteSpacesW, -, SHDeleteKeyW, -, -, SHRegGetUSValueW, -, -, -, -, -, -, -, PathIsNetworkPathW, -, SHOpenRegStream2W, -, SHRegGetBoolUSValueW, -, SHStrDupW, StrChrIW, -, -, -, PathFileExistsW, PathGetDriveNumberW, -, -, -, -, -, PathRemoveFileSpecW, PathIsDirectoryW, -, -, SHRegGetValueW, -, ChrCmpIW, -, AssocQueryKeyW, PathStripPathW, -, PathIsRootW, -, PathParseIconLocationW, StrCmpIW, -, StrCmpW, PathIsPrefixW, -, -, -, -, -, -, SHCreateStreamOnFileW, SHQueryInfoKeyW, StrCmpNW, StrTrimW, -, -, -, PathStripToRootW, StrRetToBufW, PathCommonPrefixW, -, -, -, -, SHStrDupA, -, PathRemoveExtensionW, -, PathIsFileSpecW, -, -, AssocCreate, -, -, -, StrRetToStrW, StrToIntW, StrChrW, -, -, -, PathCombineW, -, SHCreateThreadRef, SHSetThreadRef, -, SHGetValueW, PathFindFileNameW, PathRemoveArgsW, PathRemoveBlanksW, StrCmpNIW, PathGetArgsW, -, -, SHSetValueW, SHDeleteValueW, PathAppendW, -, -, -, -, -, -, PathFindExtensionW, -, -
    slc.dll: SLGetWindowsInformationDWORD
    user32.dll: CopyRect, SetRect, CreateWindowExW, DialogBoxParamW, GetClassInfoW, GetClassInfoExW, GetMenuItemInfoW, GetMenuItemCount, DefWindowProcW, ActivateKeyboardLayout, GetCursorPos, InsertMenuW, GetMenuStringW, SetMenuItemInfoW, InsertMenuItemW, IsChild, IsWinEventHookInstalled, IsProcessDPIAware, IsRectEmpty, UnionRect, GetClassLongW, SetClassLongW, GetGUIThreadInfo, GetDlgCtrlID, GetNextDlgGroupItem, GetNextDlgTabItem, MoveWindow, ChildWindowFromPointEx, GetWindowDC, CharUpperW, UnregisterClassW, FrameRect, WindowFromDC, SendMessageCallbackW, UpdateLayeredWindow, GetUserObjectInformationW, GetProcessWindowStation, GetThreadDesktop, ShowWindowAsync, BringWindowToTop, GetClassLongPtrW, GetIconInfo, RegisterShellHookWindow, DeregisterShellHookWindow, FlashWindowEx, SetThreadDesktop, EndTask, OpenInputDesktop, CloseDesktop, GetMenuState, IsZoomed, SetScrollInfo, GetScrollInfo, SetScrollPos, InternalGetWindowText, GetWindowInfo, GetCaretBlinkTime, SetLayeredWindowAttributes, GetLayeredWindowAttributes, GetUpdateRect, SetWindowsHookExW, UnhookWindowsHookEx, CallNextHookEx, SetFocus, GetAncestor, ReleaseCapture, GetDoubleClickTime, RegisterWindowMessageW, SetWindowTextW, SetWindowPlacement, SetRectEmpty, EnumDisplayMonitors, InflateRect, EqualRect, UpdateWindow, GetMonitorInfoW, MonitorFromPoint, MonitorFromRect, CharPrevW, GetMessageW, TranslateMessage, DispatchMessageW, CreatePopupMenu, GetMenuDefaultItem, SendNotifyMessageW, LockSetForegroundWindow, ChangeWindowMessageFilterEx, IntersectRect, MonitorFromWindow, IsWindowVisible, GetForegroundWindow, EnumWindows, GetParent, IsWindow, TranslateAcceleratorW, WaitMessage, GetWindowTextW, GetClientRect, TrackPopupMenuEx, SetActiveWindow, GetKeyState, GhostWindowFromHungWindow, RegisterClassW, LoadCursorW, SubtractRect, RedrawWindow, BeginDeferWindowPos, DeferWindowPos, EndDeferWindowPos, InvalidateRect, OffsetRect, SendMessageTimeoutW, SetWindowRgn, UpdateLayeredWindowIndirect, GetWindowRgnBox, LoadImageW, GetWindowPlacement, SetForegroundWindow, GetLastInputInfo, RemovePropW, GetLastActivePopup, SwitchToThisWindow, MessageBeep, GetActiveWindow, GetFocus, SetCursor, UnregisterHotKey, RegisterHotKey, SendDlgItemMessageW, EndDialog, GetDesktopWindow, GetAsyncKeyState, ChildWindowFromPoint, SetCursorPos, GetMessagePos, BeginPaint, FillRect, DrawEdge, EndPaint, GetSystemMenu, EnableMenuItem, ExitWindowsEx, LoadIconW, DestroyIcon, IsIconic, DeleteMenu, CheckMenuItem, ModifyMenuW, WindowFromPoint, ClientToScreen, TrackPopupMenu, IsHungAppWindow, GetWindowThreadProcessId, AppendMenuW, CascadeWindows, TileWindows, LockWorkStation, ScreenToClient, RegisterClipboardFormatW, NotifyWinEvent, GetSysColor, DrawFocusRect, AdjustWindowRectEx, CopyIcon, MsgWaitForMultipleObjects, SetWinEventHook, RegisterClassExW, GetDlgItem, EnableWindow, GetDlgItemInt, SetDlgItemInt, IsDlgButtonChecked, IsWindowEnabled, CheckDlgButton, CallWindowProcW, SetCapture, DrawTextW, AdjustWindowRect, CalculatePopupWindowPosition, GetMessageExtraInfo, GetCapture, SetGestureConfig, DrawIconEx, RemoveMenu, SetMenuDefaultItem, LoadMenuW, GetSubMenu, AllowSetForegroundWindow, LoadAcceleratorsW, TrackMouseEvent, CharNextW, GetWindow, GetSysColorBrush, GetPropW, HungWindowFromGhostWindow, SetWindowCompositionAttribute, GetWindowLongW, MsgWaitForMultipleObjectsEx, EnumChildWindows, SendMessageW, PtInRect, GetKeyboardLayout, GetWindowRect, DestroyMenu, SystemParametersInfoW, ShowWindow, MapWindowPoints, SetTimer, SetPropW, KillTimer, SetWindowPos, GetWindowLongPtrW, PostQuitMessage, SetWindowLongPtrW, DestroyWindow, ShutdownBlockReasonCreate, LoadStringW, PostMessageW, PeekMessageW, ReleaseDC, GetDC, FindWindowW, GetSystemMetrics, GetShellWindow, GetClassNameW
    uxtheme.dll: GetThemeBackgroundExtent, GetThemeBackgroundRegion, GetThemeColor, IsThemePartDefined, GetThemeRect, DrawThemeIcon, GetBufferedPaintBits, BufferedPaintClear, IsAppThemed, IsCompositionActive, OpenThemeData, CloseThemeData, SetWindowTheme, GetThemeMetric, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, GetThemeBool, DrawThemeParentBackground, GetWindowTheme, GetThemeBackgroundContentRect, GetThemePartSize, BeginBufferedPaint, DrawThemeTextEx, EndBufferedPaint, GetThemeMargins, BufferedPaintInit, BufferedPaintUnInit, IsThemeActive, -
    ExifTool:
    file metadata
    CharacterSet: Unicode
    CodeSize: 752128
    CompanyName: Microsoft Corporation
    EntryPoint: 0x2c138
    FileDescription: Windows Explorer
    FileFlagsMask: 0x003f
    FileOS: Windows NT 32-bit
    FileSize: 2.7 MB
    FileSubtype: 0
    FileType: Win32 EXE
    FileVersion: 6.1.7600.16450 (win7_gdr.091030-1504)
    FileVersionNumber: 6.1.7600.16450
    ImageVersion: 6.1
    InitializedDataSize: 2118144
    InternalName: explorer
    LanguageCode: English (U.S.)
    LegalCopyright: Microsoft Corporation. All rights reserved.
    LinkerVersion: 9.0
    MIMEType: application/octet-stream
    MachineType: AMD AMD64
    OSVersion: 6.1
    ObjectFileType: Executable application
    OriginalFilename: EXPLORER.EXE
    PEType: PE32+
    ProductName: Microsoft Windows Operating System
    ProductVersion: 6.1.7600.16450
    ProductVersionNumber: 6.1.7600.16450
    Subsystem: Windows GUI
    SubsystemVersion: 6.1
    TimeStamp: 2009:10:31 04:14:21+01:00
    UninitializedDataSize: 0
    0
  9. Utilisateur anonyme
     
    demande sur le site de réanalyser ton fichier, copie et colle le line du rapport de sitre sur ton prochain message
    0
  10. gringozor62 Messages postés 11 Statut Membre
     
    http://www.virustotal.com/file-scan/compact.html?id=2d5173acf0bd6ac49670f7c83fd79af552ba9d989de8ba557459191c08a8a1af-1289061000
    0
  11. Utilisateur anonyme
     
    ok, passe les autres au VT,
    winlogon et explorer.exe
    0
    1. gringozor62 Messages postés 11 Statut Membre
       
      c'était explorer.exe
      pour les autres, j'arrive à les voir en dossier caché dans mon explorateur windows mais je n'arrive pas à les télécharger avec ton site. winlogon et csrss ne sont pas accessible même en demandant d'afficher les dossier caché au préalable.
      0
  12. Utilisateur anonyme
     
    Va dans Menu Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage
    * "Afficher les fichiers et dossiers cachés" ---> coché
    * "Masquer les extensions des fichiers dont le type est connu" ---> décoché
    * "masquer les fichiers du système" ---> décoché
    -> valide le motif ( "appliquer" puis "ok" ).
    ( tu remettras les paramètres de départ une fois la désinfection terminée , pas avant ... )

    trouve les et passe les sur VT :-)
    0
  13. Utilisateur anonyme
     
    Bonjour
    ceci n'ai pas du tout un virus

    pour preuve https://www.commentcamarche.net/faq/48978-csrss-exe-c-est-quoi

    https://www.commentcamarche.net/contents/962-winlogon-winlogon-exe

    et enfin le dernier a déjà été traiter sur CCM
    https://forums.commentcamarche.net/forum/affich-15643016-processus-atieclxx-exe-impossible-a-arreter

    une petite recherche direct sur google avec les nom de fichier t'aurai donner directement les liens que je t'ai transmis

    bonne continuation
    cordialement
    -1
    1. gringozor62 Messages postés 11 Statut Membre
       
      J'ai honte de l'avoué mais oui ils sont en effet facilement trouvable sur google mais je pensais devoir faire de copie collé de rapport hijackthis tout ça
      0