
Infected With Trojan Rayedutu.dll - Hijackthis Log

C:\WINDOWS\system32\duzemibe.dll (Trojan.Vundo) -> Quarantined and deleted successfully. Have a good evening. Did you use it previous to AVG and uninstall it? You currently do not have an active antivirus program. Do not change the file name.

The file downloads, it launches, but it stops dead. C:\Documents and Settings\Julie\Local Settings\Temp\fca0IVf.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully. Please perform everything in the correct order/sequence. Hey guys, my computer's doing something really weird and I really don't know what went wrong or how to fix 03-14-2009, 09:11 PM

After downloading the tool, disconnect from the internet and disable all antivirus protection. We will begin with ComboFix.exe. Run the scan, enable your A/V and reconnect to the internet. And send your HijackThis log to the forum by copy/paste; tutorial if there is a problem. Julie - 10 Dec 2008 at 19:07: Good evening Kévin, thank you for such a quick reply.

C:\WINDOWS\system32\dobonede.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully. The internet works okay on Safari, but only on certain websites. C:\WINDOWS\system32\gikatuma.dll (Trojan.Vundo.H) -> Delete on reboot.

It is. and then sometimes to the White Page that requires resetting the background page .... Here's the CFScript scan log: ComboFix 09-03-15.01 - HP_Administrator 2009-03-19 18:32:39.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.1982.1597 [GMT -4:00] 执行位置: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt C:\Documents and Settings\Julie\Local Settings\Temp\bitcoll.dll (Adware.Agent) -> Quarantined and deleted successfully.

Disconnect and close all running applications! Anyways, here's the log file. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff

Thanks Proud Graduate of the WTT Classroom If you are happy with the help you received, please consider making a Donation Curiosity didn't kill the cat. Ignorance did, curiosity was framed. Widget Engine.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LimeWire Acceleration Patch HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] c:\windows\system32\dumprep 0 -u [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared This virus is a horror.

I would strongly recommend that you uninstall them. Also it is tying up two helpers in one log is taking up valuable time which could be better spent helping others in need of help. again i ran the rootkit and over 250 infections were found ....

kevin05 (3649 posts, registered Saturday 29 November 2008, status: Security contributor, last activity 4 July 2010) - 13 Dec 2008 at 21:35: go to "Search": Start =====> Search. Due to a few misunderstandings, I just want to make it clear that this site provides only an online analysis, and not HijackThis the program. Ignorance did, curiosity was framed. Please post back with the results from Kaspersky and the new combofix log in your next reply __________________ 03-19-2009, 06:13 PM #13 ebolamonkey3 Registered Member Join Date: Jun

A pop up box will appear advising this process will permanently delete files from your system. 6. I downloaded ComboFix on another computer and moved it to the problem machine via USB, but I couldn't run the install file, let alone run the program. Then select the items you wish to clean up.


Here's how it works. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\jolujara.dll -> Delete on reboot.

for C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\\UsrClass.dat [ System Events ]Error - 1/12/2010 8:12:53 PM | Computer Name = NEW-D3CFBA6C0A5 | Source = Service Control Manager | ID = 7005Description = The Everyone else please begin a New Topic Please make a donation so I can keep helping people just like you. Every little bit helps! Even for an advanced computer user. I did some research on the net about this file, and it says you have to restart Windows in a special mode with the installation diskettes...

C:\WINDOWS\system32\oyifosub.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. It does not provide an option to clean/disinfect. O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - O20 - AppInit_DLLs: wxvault.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL C:\WINDOWS\system32\dobonede.dll c:\windows\system32\zatewada.dll O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zatewada.dll O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zatewada.dll

c:\WINDOWS\system32\maweyeri.dll (Trojan.Vundo) -> Delete on reboot. Thanks. 03-16-2009, 10:10 PM #9 ebolamonkey3 Registered Member Join Date: Jun 2008 Posts: 8 OS: Windows XP Media Center Edition Hey Steve, I got GMER to work, the C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\IWUOK5VY\style[1] (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs Click the Run Scan button.

what i've seen in this matter is the disabling of the MALWAREBYTES program and AVG i can't scan ...hijack works and below is the latest file log after start up C:\Documents and Settings\Julie\Local Settings\Temp\cmdo.exe.vir (Malware.Tool) -> Quarantined and deleted successfully. Clean all entries in the "Advanced" section.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm3369bd9f (Trojan.Vundo.H) -> Delete on reboot. P2P - I see you have P2P software (emule) installed on your machine. SSDT ------------------- #: 012 Function Name: NtAlertResumeThread Status: Hooked by "" at address 0x89eec7b0 #: 013 Function Name: NtAlertThread Status: Hooked by "" at address 0x89ed2c98 #: 017 Function Name: NtAllocateVirtualMemory References for the risk of these programs are here, here and here.

Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\jolujara.dll -> Delete on reboot. Note: if you need to restart your PC to finish the cleanup, do it! Thank you! Clean Sun Java in the Internet Section.

Click Accept, when prompted to download and install the program files and database of malware definitions. Click Run at the Security prompt. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.