aidez moi virus exmodul et autres
aidez moi virus exmodul et autres - Sécurité - Windows & Software
Marsh Posté le 21-09-2006 à 22:18:57
"Bonjour" et un minimum d'explication, c'est trop demandé ?
---------------
Filmstory : gardez trace des films que vous avez vu ! :D
Sujets relatifs:
- virus ou pire?? RESOLU
- Virus empechant ouverture de session...
- Virus Serwab, les lignes suspectes ???
- Message d'erreur au démarrage et problème de virus.
- virus
- Virus qui ne veulent pas se supprimer, comment faire?
- probleme de virus (photo223.TIF)
- Virus en chaîne
- probleme de virus
- probleme de virus
Marsh Posté le 21-09-2006 à 22:17:58
mon ordi est infecté par un truc qui s'appelle ##exmodul##.exe
voici le rapport hijackthis :
Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\nrumd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\whsmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif
...
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
"exe.rosmd"=-
"exe.iltmd"=-
"exe.rusmd"=-
"exe.itumd"=-
"dmshw.exe"=-
...
PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Searching by size/names...
»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\DMSHW.EXE 44 098 2004-08-05
Other suspects.
Directory of C:\WINDOWS\system32
»»»»» Misc files.
»»»»» Checking for older varients covered by the Rem3 tool.
que dois-je faire maintenant ???
merci