Virus? : nvvsvc.exe, nvxdsync.exe, winlogon.exe, csrss.exe

Solved
Abrek Posted messages 61 Registration date   Status Member Last intervention   -  
 Domad -
Hello,

Today, as sometimes happens when playing an online game, something weird happens and my screen starts to "mix up," like everything goes in every direction as if it's broken, and it happens with all the games that require UnityWebPlayer, so I have to turn it off through the tower.

When I turn it back on, I opened Task Manager and I see 4 programs? : nvvsvc, nvxdsync, csrss, and winlogon which I've seen before, but I read it was normal.
The others I just saw today and I installed UnityWebPlayer yesterday, so I'm wondering if it's related.

So I would like to know if it's dangerous, thanks to those who will reply :)

< config>Windows 7 / Chrome 34.0.1847.131</config>

19 answers

  1. Anonymous user
     
    Hello

    For further information, please do this

    Open this link and download ZHPDiag from Nicolas Coolman:

    https://toolslib.net

    Or

    https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/

    at the bottom of the ZHP page with a version number.

    Once the download is complete,

    Double-click on the icon to launch the program. In Vista; Seven or Windows 8 right-click “Run as administrator”

    In the ZHPDiag window that just opened, click on "Configure"

    Click on the magnifying glass at the bottom left with the plus sign to start the analysis.

    Let the tool work, it may take a while.

    A report opens. This report is also located on your desktop

    To send the report click on this link:
    http://pjjoint.malekal.com/

    If there's a problem use one of the following

    https://forums-fec.be/upload
    https://www.cjoint.com/

    Look on the desktop

    Select the ZHPDiag.txt file.

    Click on "Click here to upload the file".

    A link of this type:

    http://www.cijoint.com/cjlink.php?file=cj200905/cijSKAP5fU.txt

    is added on the page.

    Copy this link into your reply.

    Thank you

    @+

    --
    ***-----------------------Security Contributor-------------------------***
    We have all been beginners in something at one point.
    But knowledge is the reward of diligence.
    1
    1. Domad
       
      Do you clean or do you create a virus? !!
      0
  2. Anonymous user
     
    Re

    These 4 programs are legitimate.
    nvvsvc.exe => Nvidia
    nvxdsync.exe => Nvidia
    winlogon.exe => Windows
    csrss.exe => Windows

    We clean and finalize

    1) Empty the Malwarebytes quarantine

    2) Download DelFix from Xplode

    Run it.
    You have 5 choices:

    Reactivate UAC
    Remove disinfection tools (checked by default)
    Make a backup of the registry
    Purge system restore
    Reset factory settings

    Check those which are in bold
    and you execute
    The report is usually found here
    C:\DelFix.txt

    The rest of the security: http://forum.malekal.com/comment-securiser-son-ordinateur.html

    @+
    --
    ***-----------------------Security Contributor-------------------------***
    We've all been a beginner at something one day.
    But knowledge is the reward for diligence.
    1
  3. Anonymous user
     
    Hello

    No; an antivirus paired with Malwarebytes will do just fine.

    See you later

    --
    ***-----------------------Security Contributor-------------------------***
    We have all been beginners at something at some point.
    But knowledge is the reward of diligence.
    1
    1. Abrek Posted messages 61 Registration date   Status Member Last intervention   15
       
      Ok thanks
      0
  4. Anonymous user
     
    Hello

    1)
    Download AdwCleaner (from Xplode) to your desktop.
    Run it, click on [Scan] and wait for the scan to complete.
    Once the scan is finished, click on the [Clean] button
    Wait during the cleaning process. Read the message that appears, then click on OK. The PC will automatically restart and the report will open at the end of the restart.
    Post the report

    Note: The report is also saved under C:\AdwCleaner[S1].txt

    To read:
    Potentially unwanted programs:
    https://www.malekal.com/adwares-pup-protection/

    Toolbars are not required (by Malekal): https://forum.malekal.com/viewtopic.php?t=6173&start=

    2)Run a quick scan with updated Malwarebytes and then post its report

    Thank you

    See you later

    ***-----------------------Security Contributor-------------------------***
    We have all been a beginner in something at one point.
    But knowledge is the reward for diligence.
    0
  5. Anonymous user
     
    Re

    Send me a new ZHPDiag report; thank you

    See you later

    --
    ***-----------------------Security Contributor-------------------------***
    We have all been a beginner at something once.
    But knowledge is the reward for diligence.
    0
  6. Anonymous user
     
    Hello

    Using the ZHPFix tool:

    * Copy all the text present in the box below (select it with your mouse / Right-click on it and choose "copy" or press Ctrl+C)

    ZHPFix Script
    O4 - HKLM\..\Run: [fst_fr_26] Orphan key
    O45 - LFCP:[MD5.2D4CD787C35CFCA8395F937276F7400C] - 5/8/2014 - 10:27:13 AM ---A- - C:\Windows\Prefetch\UNITYWEBPLAYER.EXE-1C9D893C.pf
    O61 - LFC: 5/8/2014 - 11:56:29 PM ---A- . (.Unity Technologies ApS.) -- C:\Users\Mansour\Desktop\UnityWebPlayer.exe [1070496]
    O61 - LFC: 5/8/2014 - 11:56:29 PM ---A- . (.Unity Technologies ApS.) -- C:\Users\Mansour\Downloads\UnityWebPlayer.exe [1070496]
    [MD5.9994F539B965C6ADDB2EC871FC9D650B] [SPRF][5/8/2014] (.Unity Technologies ApS - Unity Web Player Installer.) -- C:\Users\Mansour\Desktop\UnityWebPlayer.exe [1070496]
    HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASAPI32
    HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASMANCS
    HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASAPI32
    HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASMANCS
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_26
    O4 - HKLM\..\Run: [fst_fr_26] Orphan key
    C:\Users\Mansour\Desktop\UnityWebPlayer.exe
    C:\Users\Mansour\AppData\Local\Temp\GoogleToolbarInstaller1.log
    C:\Users\Mansour\AppData\Local\Temp\GoogleToolbarInstaller2.log
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
    HKLM\SOFTWARE\Microsoft\Tracing\googletoolbarinstaller_full_signed_RASAPI32
    HKLM\SOFTWARE\Microsoft\Tracing\googletoolbarinstaller_full_signed_RASMANCS
    HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32
    HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS
    HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32
    HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS
    HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarUser_32_RASAPI32
    HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarUser_32_RASMANCS
    ShortcutFix
    EmptyPrefetch
    FirewallRAZ
    Emptytemp
    EmptyCLSID

    --------------------------------------------------------------------------------------------
    Run ZHPFix from the shortcut on your Desktop (if you are using Windows Vista, 7, or 8, do it by right-clicking --> Run as administrator)

    Click on the Import button. The clipboard content will be pasted into the input area of ZHPFix

    NB (W8) : In some cases the script will automatically paste into the script area and does not require clicking the "IMPORT" button.

    * Click on the GO button to start the cleaning.

    -> let the tool work and do not touch anything ...
    -> If prompted to restart the PC to complete the cleaning, do it!

    Once finished, a new report will appear: post the content of this report in your next response ...
    This report is copied to the desktop

    ( this report is also saved in this folder:
    - For XP: C:\Documents and Settings\username\Local Settings\Application Data\ZHP
    - Since Vista: C:\Users\username\AppData\Roaming\ZHP\ZHPFix [R1].txt
    )

    @+

    --
    ***-----------------------Security Contributor-------------------------***
    We have all been a beginner at something at one time.
    But knowledge is the reward of diligence.
    0
  7. Abrek Posted messages 61 Registration date   Status Member Last intervention   15
     
    What will it clean? I don't have a toolbar and your script says that.

    --
    Thug Life * The street has no internship * « The Hate U Give Little Infants Fucks Everybody »
    0
  8. Anonymous user
     
    Hello

    Do as you wish!!

    See you later

    --
    ***-----------------------Security Contributor-------------------------***
    We have all been beginners at something at one time.
    But knowledge is the reward for diligence.
    0
    1. Abrek Posted messages 61 Registration date   Status Member Last intervention   15
       
      No, I mean, what is it? It's not that I'm saying you're doing anything wrong, but what I'm talking about is more like programs? Viruses?
      0
  9. Anonymous user
     
    Good evening

    in anticipation of this report. Thank you

    See you

    --
    ***-----------------------Security Contributor-------------------------***
    We have all been beginners at something at some point.
    But knowledge is the reward for diligence.
    0
  10. Anonymous user
     
    Re

    update Java

    @+

    --
    ***-----------------------Security Contributor-------------------------***
    We've all been beginners at something at some point.
    But knowledge is the reward for diligence.
    0
  11. Abrek Posted messages 61 Registration date   Status Member Last intervention   15
     
    You have the recommended version of Java. (Version 7 Update 55). I updated it on https://www.java.com/en/ and I still have these 4 programs? ...

    --
    Thug Life * The street doesn't have internships * "The Hate U Give Little Infants Fucks Everybody"
    0
  12. Abrek Posted messages 61 Registration date   Status Member Last intervention   15
     
    There is adwCleaner on the site but not DelFix at least I don't see it
    And you said I check "Remove disinfection tools (checked by default)" among the 5?

    Also on Malware I go to History/Quarantine then delete everything?

    --
    Thug Life * The street has no internship * “The Hate U Give Little Infants Fucks Everybody”
    0
  13. Anonymous user
     
    Re

    You click on the blue word DelFix in my previous post.

    Yes, you delete everything.

    See you later

    --
    ***-----------------------Security Contributor-------------------------***
    We have all been beginners at something at one time.
    But knowledge is the reward for diligence.
    0
    1. Abrek Posted messages 61 Registration date   Status Member Last intervention   15
       
      Sorry, I can only provide translations. Please provide the text you would like to have translated.
      0
  14. Abrek Posted messages 61 Registration date   Status Member Last intervention   15
     
    Yes, well, there's no DelFix, just AdwCleaner that I already have. Send me the link to download it

    --
    Thug Life * The street has no internships * « The Hate U Give Little Infants Fucks Everybody »
    0
  15. Anonymous user
     
    Hello

    Done for the best.
    I suggest we mark this topic as resolved

    Thank you

    See you

    --
    ***-----------------------Security Contributor-------------------------***
    We have all been beginners in something at one point.
    But knowledge is the reward for diligence.
    0
  16. Abrek Posted messages 61 Registration date   Status Member Last intervention   15
     
    It's all good, I found it and did everything. Otherwise, is there something like an "anti-virus" but for keyloggers and that sort of thing or to delete stuff that shouldn't be on the computer?

    --
    Thug Life * The street has no internship * "The Hate U Give Little Infants Fucks Everybody"
    0