Csrss missing at Vista startup

Solved/Closed
dick - 1 Feb 2011 at 13:52
Anonymous user - 15 Feb 2011 at 02:17
Hello,

I have just got hold of a computer running Vista, and at startup it tells me that the file csrss.exe ("C:\Users\ \AppData\Local\Temp\csrss.exe") is missing.

I don't know whether this causes anything or whether it is a leftover from a virus. In short, I don't know much about this, but I would like to fix it.

Thanks for your help

37 replies

Anonymous user
6 Feb 2011 at 22:18
Close all windows and applications during installation and scanning.

▶ Download here:

Malwarebytes

▶ Install it (make sure to choose "French"; do not change the installation settings) and update it.

(NB: If you get an error message telling you that "COMCTL32.OCX" is missing during installation, then download it here: COMCTL32.OCX)

▶ Study the tutorial to get familiar with the program:

(that said, it is very easy to use).

Run Malwarebytes again, following these instructions scrupulously:

! Disconnect and close all running applications !

▶ Launch Malwarebytes.

Run a "Full" scan.

▶ Let the program work (and do nothing else with the PC during the scan).
▶ At the end, click on "results".
Check that all infected items are selected, then click on "remove".

Note: if you need to restart your PC to finish the cleanup, do it!

Post the report saved after removal of the infected items (in the "report/log" tab of Malwarebytes, the most recent one).

0
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5698

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

07/02/2011 01:06:06
mbam-log-2011-02-07 (01-06-06).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 298770
Temps écoulé: 1 heure(s), 49 minute(s), 58 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 214

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Refog Software (Refog.Keylogger) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Value: Shell -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
c:\programdata\MPK (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\CPDA (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\CPDM (Refog.Keylogger) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\UsbFix\quarantine\C\$RECYCLE.BIN\s-1-5-21-2436683669-429221423-3439433551-1005\$re1a5hb.exe.vir (Keylogger.Logixoft) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\$RECYCLE.BIN\s-1-5-21-2436683669-429221423-3439433551-1005\$RVA5EQS\rkfree.exe.vir (Keylogger.Logixoft) -> Quarantined and deleted successfully.
c:\Users\aaa\AppData\Roaming\kgp7frtekeszeogyuq\camspy v2.3 installer\2.3.0.0\update-489361.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
c:\Users\aaa\documents\vuze downloads\kgb key logger 4.5.4 + serial [thumper(TM)]\kgb_setup-454.exe (Monitor.KGBSpy) -> Quarantined and deleted successfully.
c:\Users\aaa\documents\vuze downloads\windows 7 ultimate (32 bit)\other windows 7 activation tools\remove windows activation technologies 2.2.6.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.
c:\Users\aaa\documents\vuze downloads\windows 7 ultimate (32 bit)\other windows 7 activation tools\se7en activator v3.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Users\aaa\documents\vuze downloads\windows 7 ultimate (32 bit)\other windows 7 activation tools\windows 7 loader 1.7.9\windows 7 loader 1.7.9.0.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Users\aaa\documents\vuze downloads\windows 7 ultimate (32 bit)\unique tools\remove windows genuine advantage notifications.exe (PUP.RemoveWGA) -> Quarantined and deleted successfully.
c:\Kill'em\quarantine\.exe.kill'em (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\application updater\applicationupdater.exe.vir (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\search settings\searchsettings.dll.vir (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\search settings\searchsettingsres409.dll.vir (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\search settings\FF\components\searchsettingsff.dll.vir (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\list_kill'em\serv_impath.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\program files\list_kill'em\Upl.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\programdata\MPK\refog free keylogger.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
0
Anonymous user
7 Feb 2011 at 13:43
Hi, can you run an OTL scan again please?
0
Everything is fine now, no more problems, except that I still have Vista....
Thanks a lot gen-hackman for your help and patience.
All the best to everyone, I'm moving on to another topic, I have a problem with my Livebox 2.

Thanks again
0

Anonymous user
9 Feb 2011 at 00:28
Good evening

It's not finished
0
OK thanks, I have just run OTL

http://www.cijoint.fr/cjlink.php?file=cj201102/cijm0ctPfO.txt

http://www.cijoint.fr/cjlink.php?file=cj201102/cijiKWIh6o.txt

There you go, I'm waiting for your instructions

Thanks
0
Anonymous user
13 Feb 2011 at 18:45
WARNING!!! Script customized for this machine only, do not reproduce!!

If you have XP => double-click
If you have Vista or Windows 7 => right-click, "Run as...."

on OTL.exe to launch it.

▶ Copy the list shown in bold below,

▶ paste it into the box under "Customization":


:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:Services
Bonjour Service
Bandoo Coordinator
waudit
LiveUpdate Notice Ex

:OTL
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62485
FF - prefs.js..extensions.enabledItems: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:2.1.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)
O4 - HKCU\..\Run: [fsm] File not found
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O33 - MountPoints2\{2a99db47-b2d7-11de-a8f1-0013a98161a8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{5c80b6ed-be70-11df-bed6-0013a98161a8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{ce8a8980-2d4e-11df-921e-0013a98161a8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

:Files
C:\Program Files\BS_Player
C:\ProgramData\rkfree
C:\Users\aaa\AppData\Roaming\pcouffin.sys
C:\Users\aaa\AppData\Roaming\6490.DE6
C:\Windows\System32\runrefog.lnk
C:\Users\aaa\AppData\Roaming\shedl.bat
C:\Users\aaa\AppData\Roaming\winexpl.exe
C:\Windows\System32\.dll
C:\Users\aaa\AppData\Roaming\inst.exe
C:\Windows\System32\cl31cl3.dll
C:\Users\aaa\AppData\Roaming\winX32.dat
C:\ProgramData\LUUnInstall.LiveUpdate
C:\ProgramData\fix641169
C:\Users\aaa\AppData\Roaming\kgP7frTeKESZEogyUQ
C:\Users\aaa\AppData\Roaming\systemX64-2
@Alternate Data Stream - 3020 bytes -> C:\ProgramData\rkfree:cfg
@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:8927A071
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:DB9F45AE
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:A8A33726

:commands
[emptytemp]
[start explorer]
[reboot]



▶ Click on "Fix" to start the removal.

▶ Post the report, which should normally open by itself once the job is done, after the restart.
0
Hi, I did what you asked but I can't open the file. Opening it was also refused after startup.

Should I run the operation again?
0
Anonymous user
14 Feb 2011 at 00:51
What is the error message?
0
Cannot open file C:_OTL\213323_23232.log

and when I try to open it directly it says "access denied"
0
Anonymous user
14 Feb 2011 at 01:13
And what if you do this?

Right-click on it / Send to / Compressed folder, and you send me the archive via cijoint.fr??
0
Impossible, access denied when I try to compress it.

Another idea, maybe?

Thanks
0
And if you run this, do you get a "Rapport.txt" in C:\ ?

http://sd-4.archive-host.com/membres/up/829108531491024/Mes_Tools/tmp/copy.exe
Designer of List_Kill'em
0
maiden65 - Posts: 483 - Registered: Thursday 27 January 2011 - Status: Member - Last activity: 29 March 2014 - 83
1 Feb 2011 at 14:38
Hello dick,

First of all, does your computer start correctly despite this file problem?

Next, to tell you the truth, the file "csrss.exe" is a file that is frequently infected by malware and viruses.
Mainly, the type of threat detected on this file when it is infected is malware of the kind commonly called a "password sniffer".

In the past my computer was also infected by the type of malware I just mentioned.
To remove it I had to use a free antivirus solution (Emsisoft Emergency Kit*).

In your case, it seems to me that the problem is more serious than that. The options you have left, in my opinion, are:
- Reinstall the Microsoft Vista OS using an installation CD for it (preferably validated by Windows Genuine Advantage**).
- Start the computer in safe mode so that you can then use a portable antivirus solution***.
- Have your hard drive disinfected by someone close to you who is protected by an up-to-date desktop antivirus.

*https://www.emsisoft.com/fr/home/emergencykit/
**http://www.microsoft.com/genuine/validate/ValidateNow.aspx?displaylang=fr
*** - Emsisoft Emergency Kit (French) https://www.emsisoft.com/fr/home/emergencykit/
- ClamWin Portable (English) https://portableapps.com/apps/security/clamwin_portable
- Dr.Web CureIt Portable (French) https://free.drweb.fr/cureit/?lng=fr
- HouseCall Portable (French) https://www.trendmicro.com/en_us/forHome/products/housecall.html
-1
maiden65
1 Feb 2011 at 14:53
Well, in any case I don't understand why your csrss.exe file is being requested at the shortcut "C:\Users\ \AppData\Local\Temp\csrss.exe".

Normally it is located at the shortcut "%SystemRoot%\system32\csrss.exe" (%systemroot% generally being C:\WINDOWS)
-1
maiden65
1 Feb 2011 at 16:28
It being in your task manager is completely normal, given that the "csrss.exe" file is an important process for graphics handling and therefore the display between your computer and its screen.

One question: do you have access to the "Run" command on your computer?
-1
maiden65
1 Feb 2011 at 16:34
Apart from that, I would advise you to use the Emsisoft Emergency Kit software, which is a portable antivirus (USB stick), to run a full scan of your computer. It is free software, very light to use and very effective.
Major drawback: it does not provide real-time protection.

- Emsisoft Emergency Kit (French) https://www.emsisoft.com/fr/home/emergencykit/
0
I have the Run command
I'm going to get the antivirus
0
maiden65
1 Feb 2011 at 17:03
In the "Run" command, enter the value: msconfig

In the windows that open, look for the Startup tab, and in it check whether there is an enabled command that contains the shortcut of the "csrss.exe" file that is causing you trouble:
That is: "C:\Users\ \AppData\Local\Temp\csrss.exe".

If the command is present (the one causing you trouble), disable it, or even delete it.
If a window asks you to restart the computer, accept.

WARNING!! Above all, do not disable or delete the command with the shortcut "%SystemRoot%\system32\csrss.exe" from the startup commands, OK?
0
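Added example, not part of the original thread: the two posts above (csrss.exe normally lives in %SystemRoot%\system32, and the startup list should be checked for a csrss.exe entry under Temp) can be turned into a triage check over exported startup entries. It flags system process names outside System32, entries launched from a per-user AppData folder, and orphaned entries whose target file is gone, which is the situation that produces a "file missing" message at startup. The names `ENV`, `SYSTEM_NAMES`, `someuser`, `Example Vendor` and all sample entries are constructed for the illustration.

```python
import ntpath
import re

# Assumed environment for the example; on a live system read this from os.environ.
ENV = {"systemroot": r"C:\Windows"}

# Core Windows process names that belong only in %SystemRoot%\System32
# (illustrative subset, not an exhaustive list).
SYSTEM_NAMES = {"csrss.exe", "smss.exe", "winlogon.exe", "lsass.exe", "services.exe"}

# Per-user AppData tree (includes AppData\Local\Temp), writable without admin rights.
USER_WRITABLE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\")


def expand_env(text, env=ENV):
    """Expand %VAR% case-insensitively; unknown variables are left untouched."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), text)


def image_path(command):
    """Extract the executable path from an autorun command line."""
    command = expand_env(command.strip())
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted: stop at the first executable extension so paths with spaces survive.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command


def check_entry(command, existing_files):
    """Return (normalized path, findings) for one autorun command."""
    path = ntpath.normcase(ntpath.normpath(image_path(command)))
    system32 = ntpath.normcase(ntpath.join(ENV["systemroot"], "System32"))
    findings = []
    if ntpath.basename(path) in SYSTEM_NAMES and ntpath.dirname(path) != system32:
        findings.append("system-name-outside-system32")
    if USER_WRITABLE.match(path):
        findings.append("user-writable-location")
    if path not in existing_files:
        findings.append("target-missing")  # orphaned entry left behind after a cleanup
    return path, findings


def audit(entries, existing_files):
    """Return (source, path, findings) for every entry with at least one finding."""
    existing = {ntpath.normcase(p) for p in existing_files}
    report = []
    for source, command in entries:
        path, findings = check_entry(command, existing)
        if findings:
            report.append((source, path, findings))
    return report


# Constructed sample data: (registry location, command line) pairs.
ENTRIES = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     r'"C:\Users\someuser\AppData\Local\Temp\csrss.exe"'),
    (r"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load",
     r"C:\Users\someuser\AppData\Roaming\example updater.exe /silent"),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
     r'"C:\Program Files\Example Vendor\tray.exe" /min'),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
     r"%SystemRoot%\system32\csrss.exe"),
]

# Constructed stand-in for "which files are actually on disk".
EXISTING_FILES = [
    r"C:\Users\someuser\AppData\Roaming\example updater.exe",
    r"C:\Program Files\Example Vendor\tray.exe",
    r"C:\Windows\System32\csrss.exe",
]

if __name__ == "__main__":
    for source, path, findings in audit(ENTRIES, EXISTING_FILES):
        print(f"{source}\n  {path}\n  -> {', '.join(findings)}")
```

A finding is a reason to look closer, not a verdict: legitimate software also starts from AppData, so the name and location checks carry the most weight when they occur together.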
I have neither of the two, but I still see it in my task manager
0
maiden65
2 Feb 2011 at 13:11
Have you tried the Emsisoft Emergency Kit antivirus?
0
maiden65
2 Feb 2011 at 13:10
Hello dick,

So you found neither of the two shortcuts in the startup?
Obviously you still have it in your task manager, and that is normal.

Do you have this problem every time you restart your computer?
-1