Home > General > Rimafafu.dll

Rimafafu.dll

I've tried everything in the book to get this thing removed.Please help!Below are the Hijackthis logs:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:29:28 AM, on 10/8/2009Platform: Windows XP SP2 (WinNT Donnez votre avis Utile +0 Signaler kisscool071 57Messages postés lundi 10 décembre 2007Date d'inscription 2 mai 2009 Dernière intervention 18 avril 2009 à 00:51 Aucune en particulier. or read our Welcome Guide to learn how to use this site. Merci beaucoup.

Register now! Click "Start Scan " button to scan dll error on your computer. 3. Voici le rapport de GenProc : Rapport GenProc 2.525 [1] - 16/04/2009 à 2:36:49 - Windows Vista GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante : Copie/colle ce rapport dans ta prochaine réponse.

Should you need it reopened, please contact a Forum Moderator. antivirus 4.8.1169 [VPS 090321-0] *On-access scanning enabled* (Updated) AV: Norton Internet Security *On-access scanning enabled* (Outdated) FW: Norton Internet Security *disabled* * Un nouveau point de restauration a été créé FILE The best way to solve this problem is using a cleaner which iseasy to find online. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread.

Click here to Register a free account now! antivirus 4.8.1169 [VPS 090321-0] *On-access scanning enabled* (Updated) AV: Norton Internet Security *On-access scanning enabled* (Outdated) FW: Norton Internet Security *disabled* * Un nouveau point de restauration a été créé . If you accept cookies from this site, you will only be shown this dialog once!You can press escape or click on the X to close this box. Or bust my comp.Ran Back to top BC AdBot (Login to Remove) BleepingComputer.com Register to remove ads #2 KoanYorel KoanYorel Bleepin' Conundrum Staff Emeritus 19,461 posts OFFLINE Gender:Male Location:65

Le scan a détecté 3 erreurs qui ont été réparées. Sign Up All Content All Content Advanced Search Browse Forums Guidelines Staff Online Users Members More Activity All Activity My Activity Streams Unread Content Content I Started Search More Malwarebytes.com Malwarebytes c:\windows\System32\Ati2evxx.exe c:\windows\System32\audiodg.exe c:\windows\System32\Ati2evxx.exe c:\program files\ATK Hotkey\ASLDRSrv.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\ATK Hotkey\HControl.exe c:\program files\ATKOSD2\ATKOSD2.exe c:\program files\Wireless Console 2\wcourier.exe c:\program files\P4G\BatteryLife.exe c:\program files\ASUS\Splendid\ACMON.exe c:\windows\System32\ACEngSvr.exe c:\program files\ATK Hotkey\ATKOSD.exe c:\program files\Common Please advise next steps richbuff 24.01.2009 12:45 Run this script, PC will reboot: CODEbeginSetAVZGuardStatus(True);SearchRootkit(true, true);QuarantineFile('c:\windows\system32\kuyedowo.dll','');QuarantineFile('c:\windows\system32\vihobuwu.dll','');QuarantineFile('c:\windows\system32\wifukolu.dll','');QuarantineFile('c:\windows\system32\yuteloki.dll','');QuarantineFile('c:\windows\system32\yutepuwa.dll','');QuarantineFile('c:\windows\system32\hutudoki.dll','');QuarantineFile('c:\windows\system32\rojayefi.dll','');QuarantineFile('c:\windows\system32\sewovego.dll','');QuarantineFile('c:\windows\system32\yibulura.dll','');QuarantineFile('c:\windows\system32\kogonubo.dll','');QuarantineFile('c:\windows\system32\tuyuvela.dll','');QuarantineFile('c:\windows\system32\deploytk.dll','');QuarantineFile('c:\windows\system32\merunime.dll','');QuarantineFile('c:\windows\system32\vajarusu.dll','');QuarantineFile('c:\windows\system32\zosamulo.dll','');QuarantineFile('c:\windows\system32\bewiseru.dll','');QuarantineFile('c:\windows\system32\bososiga.dll','');QuarantineFile('c:\windows\system32\nohutabo.dll','');QuarantineFile('c:\windows\system32\fataleti.dll','');QuarantineFile('c:\windows\system32\jahomayo.dll','');QuarantineFile('c:\windows\system32\fepayaju.dll','');QuarantineFile('c:\windows\system32\damopore.dll','');QuarantineFile('c:\windows\system32\rejufopa.dll','');QuarantineFile('c:\windows\system32\fobamito.dll','');QuarantineFile('c:\windows\system32\pugohawu.dll','');QuarantineFile('c:\windows\system32\hosezora.dll','');QuarantineFile('c:\windows\system32\wujiwibe.dll','');QuarantineFile('c:\windows\system32\fevudufe.dll','');QuarantineFile('c:\windows\system32\jefugiwo.dll','');QuarantineFile('c:\windows\system32\lajogilo.dll','');QuarantineFile('c:\windows\system32\tineraka.dll','');QuarantineFile('c:\windows\system32\mihamake.dll','');QuarantineFile('c:\windows\system32\pirotima.dll','');QuarantineFile('c:\windows\system32\hutijezu.dll','');QuarantineFile('c:\windows\system32\yebokafe.dll','');QuarantineFile('c:\windows\system32\vizisida.dll','');QuarantineFile('c:\windows\system32\jamuyate.dll','');QuarantineFile('c:\windows\system32\wafadewi.dll','');QuarantineFile('c:\windows\system32\tuveruwu.dll','');QuarantineFile('c:\windows\system32\hikenile.dll','');QuarantineFile('c:\windows\system32\yireniye.dll','');QuarantineFile('c:\windows\system32\fuhiheje.dll','');QuarantineFile('c:\windows\system32\ravodifu.dll','');QuarantineFile('c:\windows\system32\kovuzuwa.dll','');QuarantineFile('c:\windows\system32\dihahofi.dll','');QuarantineFile('c:\windows\system32\mekiroba.dll','');QuarantineFile('c:\windows\system32\yozofuko.dll','');QuarantineFile('c:\windows\system32\gubebusi.dll','');QuarantineFile('c:\windows\system32\ledamine.dll','');QuarantineFile('c:\windows\system32\rihevuro.dll','');QuarantineFile('c:\windows\system32\rimafafu.dll','');QuarantineFile('c:\windows\system32\lupujuye.dll','');QuarantineFile('c:\windows\system32\wemifidu.dll','');QuarantineFile('c:\windows\system32\bolivovi.dll','');QuarantineFile('c:\windows\system32\havibola.dll','');QuarantineFile('c:\windows\system32\garokeha.dll','');QuarantineFile('c:\windows\system32\tazogike.dll','');QuarantineFile('c:\windows\system32\telariva.dll','');QuarantineFile('c:\windows\system32\modopodu.dll','');QuarantineFile('c:\windows\system32\goqxol.bak','');DeleteFile('c:\windows\system32\goqxol.bak');DeleteFile('c:\windows\system32\modopodu.dll');DeleteFile('c:\windows\system32\telariva.dll');DeleteFile('c:\windows\system32\tazogike.dll');DeleteFile('c:\windows\system32\garokeha.dll');DeleteFile('c:\windows\system32\havibola.dll');DeleteFile('c:\windows\system32\bolivovi.dll');DeleteFile('c:\windows\system32\wemifidu.dll');DeleteFile('c:\windows\system32\lupujuye.dll');DeleteFile('c:\windows\system32\rimafafu.dll');DeleteFile('c:\windows\system32\rihevuro.dll');DeleteFile('c:\windows\system32\ledamine.dll');DeleteFile('c:\windows\system32\gubebusi.dll');DeleteFile('c:\windows\system32\yozofuko.dll');DeleteFile('c:\windows\system32\mekiroba.dll');DeleteFile('c:\windows\system32\dihahofi.dll');DeleteFile('c:\windows\system32\kovuzuwa.dll');DeleteFile('c:\windows\system32\ravodifu.dll');DeleteFile('c:\windows\system32\fuhiheje.dll');DeleteFile('c:\windows\system32\yireniye.dll');DeleteFile('c:\windows\system32\hikenile.dll');DeleteFile('c:\windows\system32\tuveruwu.dll');DeleteFile('c:\windows\system32\wafadewi.dll');DeleteFile('c:\windows\system32\jamuyate.dll');DeleteFile('c:\windows\system32\vizisida.dll');DeleteFile('c:\windows\system32\yebokafe.dll');DeleteFile('c:\windows\system32\hutijezu.dll');DeleteFile('c:\windows\system32\pirotima.dll');DeleteFile('c:\windows\system32\mihamake.dll');DeleteFile('c:\windows\system32\tineraka.dll');DeleteFile('c:\windows\system32\lajogilo.dll');DeleteFile('c:\windows\system32\jefugiwo.dll');DeleteFile('c:\windows\system32\fevudufe.dll');DeleteFile('c:\windows\system32\wujiwibe.dll');DeleteFile('c:\windows\system32\hosezora.dll');DeleteFile('c:\windows\system32\pugohawu.dll');DeleteFile('c:\windows\system32\fobamito.dll');DeleteFile('c:\windows\system32\rejufopa.dll');DeleteFile('c:\windows\system32\damopore.dll');DeleteFile('c:\windows\system32\jahomayo.dll');DeleteFile('c:\windows\system32\fepayaju.dll');DeleteFile('c:\windows\system32\fataleti.dll');DeleteFile('c:\windows\system32\nohutabo.dll');DeleteFile('c:\windows\system32\bososiga.dll');DeleteFile('c:\windows\system32\bewiseru.dll');DeleteFile('c:\windows\system32\zosamulo.dll');DeleteFile('c:\windows\system32\vajarusu.dll');DeleteFile('c:\windows\system32\merunime.dll');DeleteFile('c:\windows\system32\deploytk.dll');DeleteFile('c:\windows\system32\tuyuvela.dll');DeleteFile('c:\windows\system32\kogonubo.dll');DeleteFile('c:\windows\system32\yibulura.dll');DeleteFile('c:\windows\system32\sewovego.dll');DeleteFile('c:\windows\system32\rojayefi.dll');DeleteFile('c:\windows\system32\hutudoki.dll');DeleteFile('c:\windows\system32\yutepuwa.dll');DeleteFile('c:\windows\system32\yuteloki.dll');DeleteFile('c:\windows\system32\wifukolu.dll');DeleteFile('c:\windows\system32\vihobuwu.dll');DeleteFile('c:\windows\system32\kuyedowo.dll');RegKeyDel('HKCU','Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2');BC_ImportDeletedList;ExecuteSysClean;BC_Activate;RebootWindows(true);end.Then, run this one:CODEbeginCreateQurantineArchive('c:\quarantine.zip');end.A file called quarantine.zip should be created in C:\.

Please re-enable javascript to access full functionality. Regutility can clean up your PC so it's running like new again! 1. Wrongly or not properly installed software will bring a lot of errors, then the registry will be filled up with numerous problems. Or Start > run > type hello /u > ok.

uStart Page = hxxp://www.google.fr/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab DPF: {2108E348-A0C0-1563-D327-730450CF5E34} - hxxp://www.shockwave.com/content/dinerdash/sis/DDComcast.1.0.0.39.cab DPF: {210B1348-30C0-1F63-2B27-7A0450545277} - hxxp://www.shockwave.com/content/dinerdash/sis/DDKnorr.1.0.0.44.cab DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerVistaADP-1.1.cab c:\windows\system32\acovcnt.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-21 au 2009-04-21 )))))))))))))))))))))))))))))))))))) . 2009-04-20 18:23 . 2009-04-21 02:39 -------- d-----w c:\programdata\wegagolu 2009-04-20 18:23 . 2009-04-21 02:39 -------- d-----w c:\programdata\hupetetu 2009-04-20 18:23 . 2009-04-20 If you have a new issue, please start a New Topic. Good luck.

Par exemple si je tape "dfhty" ca va me dire "dfhty n'est pas reconnue etc." Donnez votre avis Utile +0 Signaler eZula 3368Messages postés samedi 26 avril 2008Date d'inscription ContributeurStatut 31 Please help. Recherche d'éléments en démarrage automatique cachés ... Run this script, instructions linked in pinned topics at top of this forum page, PC will reboot:CODEbeginSetAVZGuardStatus(True);SearchRootkit(true, true); QuarantineFile('C:\WINDOWS\system32\luhakora.dll',''); QuarantineFile('C:\WINDOWS\system32\imxtwl.dll',''); QuarantineFile('C:\WINDOWS\system32\rosobogu.dll',''); QuarantineFile('C:\WINDOWS\system32\zerunuwa.dll',''); QuarantineFile('C:\WINDOWS\system32\wevusavi.dll',''); DelBHO('{ed99e9f4-49a1-4d2d-85ff-dddb3131ef5c}'); DelBHO('{2247d44b-d578-4dd5-8293-f3aba298089f}'); QuarantineFile('C:\WINDOWS\system32\goqxol.dll',''); QuarantineFile('C:\WINDOWS\system32\vomeduse.dll',''); DeleteFile('C:\WINDOWS\system32\vomeduse.dll'); DeleteFile('C:\WINDOWS\system32\goqxol.dll'); DeleteFile('C:\WINDOWS\system32\wevusavi.dll'); DeleteFile('C:\WINDOWS\system32\zerunuwa.dll');

Sign in to follow this Followers 1 Go To Topic Listing Resolved Malware Removal Logs Recently Browsing 0 members No registered users viewing this page. Donnez votre avis Utile +0 Signaler eZula 3368Messages postés samedi 26 avril 2008Date d'inscription ContributeurStatut 31 mars 2014 Dernière intervention 16 avril 2009 à 16:08 [*] Télécharge combofix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe sur antivirus 4.8.1169 [VPS 090321-0] *On-access scanning enabled* (Updated) AV: Norton Internet Security *On-access scanning enabled* (Outdated) FW: Norton Internet Security *disabled* * Un nouveau point de restauration a été créé . Le bureau va disparaître à plusieurs reprises : c'est normal.

Merci en tout cas pour ta patience ;) Donnez votre avis Utile +0 Signaler eZula 3368Messages postés samedi 26 avril 2008Date d'inscription ContributeurStatut 31 mars 2014 Dernière intervention 18 avril 2009 Then please zip up C:\qoobox\quarantine and upload both it and C:\quarantine.zip to a filehost such as http://rapidshare.com/ Then, Private Message me the download link to the uploaded file. The errors within the registry are the most serious problems.

Post them back to your topic.Download GMER here by clicking download exe -button and then saving it your desktop:Double-click .exe that you downloadedClick rootkit-tab and then scan.Don't check Show All box

So I don't whats going on.I did a scan with MalwareBytes, program. Heure de fin: 2009-04-16 10:43 - La machine a redémarré ComboFix-quarantined-files.txt 2009-04-16 14:43 Avant-CF: 20 365 041 664 octets libres Après-CF: 21 653 807 104 octets libres 230 --- E O F --- 2009-04-16 06:45 Au redémarage EXE ERRORS: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z OTHER DLL ERRORS: Please start a new thread describing your issue and someone will be along to assist you.

Then turn system restore back on, if you wish; this to remove malware from system volume information files.Scan with SuperAntiSpyware: http://www.superantispyware.com/ and post it's log, but please don't fix anything until Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Sign In Sign Up Browse Back Browse Forums Guidelines Staff Online Users Members Activity Back Activity All Activity My Activity Streams Unread Content Content I Started Search Malwarebytes.com Back Malwarebytes.com Malwarebytes rimafafu.dll Started by rantheman27 , Apr 30 2009 04:03 AM This topic is locked 3 replies to this topic #1 rantheman27 rantheman27 Members 3 posts OFFLINE Local time:01:35 AM Posted

Self Protection; [x] S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560] S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792] S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2006-12-10 24576] S3 Atc002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\L260x86.sys [2006-12-13 25600] No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your When done, DDS will open two (2) logs: DDS.txt Attach.txt[*]Save both reports to your desktop. Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast!

Information on A/V control HERER,K The only easy day was yesterday. ...some do, some don't; some will, some won't (WR) Back to top #3 rantheman27 rantheman27 Topic Starter Members 3 posts Ne touche à rien tant que le scan n'est pas terminé. [*]Une fois le scan achevé, un rapport va s'afficher : poste son contenu. [*]Si le fichier ne s'ouvre pas, il Live 2009-02-13 08:49 . 2009-04-15 23:07 72704 ----a-w c:\windows\System32\secur32.dll 2009-02-13 08:49 . 2009-04-15 23:07 1255936 ----a-w c:\windows\System32\lsasrv.dll 2009-02-09 03:10 . 2009-03-11 09:48 2033152 ----a-w c:\windows\System32\win32k.sys 2008-12-15 20:33 . 2008-03-25 16:21 104424 Follow the onscreen prompts to start the scan.Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause