salut ,
fait froid en ce moment j'ai chpoé pipas.a
j'ai fait fixwareout aprés lecture du forum et le rapport est ci aprés.
Pour ceux qui y connaissent qq chose.!.un grand merci pour mes cheveux que j'arrache par paquets!!
Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}228A19973E63-0CCA-6B74-6A72-34B28EBB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\aesmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1trap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\2trap
...
Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmsea.exe"=-
...
PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Searching by size/names...
»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSIUP.EXE 51 787 2006-09-07
C:\WINDOWS\SYSTEM32\DMCWD.EXE 62 042 2004-08-05
C:\WINDOWS\SYSTEM32\DMFBG.EXE 62 042 2004-08-05
C:\WINDOWS\SYSTEM32\DMLWI.EXE 62 042 2004-08-05
C:\WINDOWS\SYSTEM32\DMSEA.EXE 62 042 2004-08-05
Other suspects.
Directory of C:\WINDOWS\system32
»»»»» Misc files.
»»»»» Checking for older varients covered by the Rem3 tool.