Author Topic: rundll32.exe  (Read 1129 times)

Looie
rundll32.exe
« on: June 05, 2006, 08:08:51 AM »
I have read your info on re this of last year and have downloaded the file I have lost according to my control panel, which I cannot access. I have put it into the cache area but am unsure where to put it to get it to work. I have Windows XP, presume the earlier edition, and it is French. I have loaned the machine to my son who downloads music, and am now getting frequent adverts for sex, plus a pestrap advert which is very annoying.
Here is the hijack info in case you can help:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Filseclab\xfilter\xfilter.exe
C:\Program Files\PC MightyMax\pcmm.exe
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\Fichiers communs\Filseclab\FilMsg.exe
C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\TypeItIn\TypeItIn.exe
C:\Program Files\Climate Change Experiment\boinc.exe
C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3trans_5.08_windows_intelx86.exe
C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3transum_5.08_windows_intelx86.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.fr.netscape.com/fr/home/winsearch200.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=msgr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MySearch Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\K-litePro\Plugins\RazaWebHook.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R
O4 - HKCU\..\Run: [a-squared] C:\Program Files\a-squared\a2guard.exe
O4 - Startup: Climate Change Experiment Manager.lnk = C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: TypeItIn.lnk = C:\Program Files\TypeItIn\TypeItIn.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Filseclab Messenger.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZU
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\K-litePro\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IEpal - CleanUp history, search and navigation - {614941A8-F4C6-49F3-AB6B-5EAD14B1029E} - C:\Program Files\IEpal\CIEpal.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: IEpal - Analyze page - {ED889FA5-D5F6-4A74-881A-BC062D730677} - C:\Program Files\IEpal\IEpal.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

guestolo
rundll32.exe
« Reply #1 on: June 05, 2006, 09:16:52 AM »
Just on my way to work, in the meantime, can you do the following please

Download SmitfraudFix (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Could you also post a fresh HijackThis log? You cut the top part of the log off, which includes the HijackThis version and operating system.
Please post the whole log.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Looie
rundll32.exe
« Reply #2 on: June 05, 2006, 11:18:48 AM »
»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\atmclk.exe PRESENT !
C:\WINDOWS\system32\dcomcfg.exe PRESENT !
C:\WINDOWS\system32\hp???.tmp PRESENT !
C:\WINDOWS\system32\hp????.tmp PRESENT !
C:\WINDOWS\system32\imfdfcj.dll PRESENT !
C:\WINDOWS\system32\ld????.tmp PRESENT !
C:\WINDOWS\system32\ot.ico PRESENT !
C:\WINDOWS\system32\regperf.exe PRESENT !
C:\WINDOWS\system32\simpole.tlb PRESENT !
C:\WINDOWS\system32\stdole3.tlb PRESENT !
C:\WINDOWS\system32\ts.ico PRESENT !
C:\WINDOWS\system32\1024\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris

C:\DOCUME~1\ADMINI~1\Favoris\Antivirus Test Online.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

[HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINDOWS\system32\imfdfcj.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINDOWS\system32\imfdfcj.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



Logfile of HijackThis v1.99.1
Scan saved at 18:17:39, on 05/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Filseclab\xfilter\xfilter.exe
C:\Program Files\PC MightyMax\pcmm.exe
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\Fichiers communs\Filseclab\FilMsg.exe
C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\TypeItIn\TypeItIn.exe
C:\Program Files\Climate Change Experiment\boinc.exe
C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3trans_5.08_windows_intelx86.exe
C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3transum_5.08_windows_intelx86.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.fr.netscape.com/fr/home/winsearch200.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=msgr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MySearch Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\K-litePro\Plugins\RazaWebHook.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R
O4 - HKCU\..\Run: [a-squared] C:\Program Files\a-squared\a2guard.exe
O4 - Startup: Climate Change Experiment Manager.lnk = C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: TypeItIn.lnk = C:\Program Files\TypeItIn\TypeItIn.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Filseclab Messenger.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZU
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\K-litePro\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IEpal - CleanUp history, search and navigation - {614941A8-F4C6-49F3-AB6B-5EAD14B1029E} - C:\Program Files\IEpal\CIEpal.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: IEpal - Analyze page - {ED889FA5-D5F6-4A74-881A-BC062D730677} - C:\Program Files\IEpal\IEpal.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
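
An added example, not part of the thread and not code from SmitfraudFix or HijackThis: a small Python triage script that cross-references the two reports posted in Reply #2, showing which files SmitfraudFix marked "PRESENT !" are also running, loaded as a BHO, or registered under SharedTaskScheduler. The sample text is a constructed excerpt of lines copied from the reports above; the function names are hypothetical.

```python
import fnmatch
import re

# Constructed excerpt: lines copied from the SmitfraudFix report in Reply #2.
SMITFRAUD_REPORT = r"""
C:\WINDOWS\system32\atmclk.exe PRESENT !
C:\WINDOWS\system32\dcomcfg.exe PRESENT !
C:\WINDOWS\system32\hp???.tmp PRESENT !
C:\WINDOWS\system32\imfdfcj.dll PRESENT !

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

[HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINDOWS\system32\imfdfcj.dll"
"""

# Constructed excerpt: lines copied from the HijackThis log in Reply #2.
HIJACKTHIS_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
"""

PRESENT_RE = re.compile(r"^(?P<path>.+?)\s+PRESENT !\s*$")
SECTION_RE = re.compile(r"^\[(?P<key>.+)\]\s*$")
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|@)="(?P<data>.*)"\s*$')
CLSID_KEY_RE = re.compile(
    r"\\CLSID\\(?P<clsid>\{[0-9a-f-]+\})\\InProcServer32$", re.I)
DRIVE_PATH_RE = re.compile(r"[A-Za-z]:\\.+")


def flagged_patterns(report):
    """Lower-cased paths (may contain ? wildcards) marked 'PRESENT !'."""
    patterns = []
    for line in report.splitlines():
        m = PRESENT_RE.match(line.strip())
        if m:
            patterns.append(m.group("path").lower())
    return patterns


def scheduler_dlls(report):
    """Map each SharedTaskScheduler CLSID to its InProcServer32 DLL."""
    registered, servers, section = set(), {}, ""
    for line in report.splitlines():
        line = line.strip()
        s = SECTION_RE.match(line)
        if s:
            section = s.group("key")
            continue
        v = VALUE_RE.match(line)
        if not v:
            continue
        if section.lower().endswith(r"\explorer\sharedtaskscheduler"):
            if v.group("name"):
                registered.add(v.group("name").lower())
        else:
            k = CLSID_KEY_RE.search(section)
            if k and v.group("name") is None:  # the (Default) value
                servers[k.group("clsid").lower()] = v.group("data").lower()
    return {c: servers[c] for c in registered if c in servers}


def correlate(report, log):
    """Return (where, path, matched pattern or CLSID) for every overlap."""
    patterns = flagged_patterns(report)
    findings = []
    for line in log.splitlines():
        m = DRIVE_PATH_RE.search(line)
        if not m:
            continue
        path = m.group(0).strip().strip('"').lower()
        hit = next((p for p in patterns if fnmatch.fnmatchcase(path, p)), None)
        if hit:
            # HijackThis item lines start "O2 - ..."; bare paths are processes.
            where = line.split(" - ", 1)[0] if " - " in line else "process"
            findings.append((where, path, hit))
    for clsid, dll in sorted(scheduler_dlls(report).items()):
        if any(fnmatch.fnmatchcase(dll, p) for p in patterns):
            findings.append(("SharedTaskScheduler", dll, clsid))
    return findings


if __name__ == "__main__":
    for where, path, ref in correlate(SMITFRAUD_REPORT, HIJACKTHIS_LOG):
        print(f"{where:20} {path}  <- {ref}")
```
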

guestolo
rundll32.exe
« Reply #3 on: June 05, 2006, 10:24:33 PM »
==Download and install Windows CleanUp! 4.5.1
Don't run this yet
NOTE: If you have an older version of Windows CleanUp!, Please uninstall it and use this newer version


==Download and then Install
Ewido anti-malware 3.5

When installing, under "Additional Options" UNCHECK
 
    "Install background guard"
     "Install scan via context menu".
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the auto updater won't work
Please manually update from this link
http://www.ewido.net/en/download/updates/

Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!


I need you to disable SpywareGuard's protections
It may, and probably will interfere with some of the fixes we try
Please leave it disabled until we have you clean
Open SpywareGuard>>Click on OPTIONS
under General protection options>>Uncheck all of them
SAVE settings
Exit SpywareGuard

RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu
In safe mode

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
If this is the first time you have run this program, it will prompt you to run in Demo mode
Click No to this, we actually want to run the cleaner on your computer
When it's done>>Click Close
DECLINE to Log off or Restart the computer

==Open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process.  A text file will appear onscreen, with results from the cleaning process
I'll need to see these later, by default they are also saved at C:\rapport.txt

If a reboot was required, reboot back to safe mode
If it wasn't required, remain in safe mode

==Open Ewido Anti-malware
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to the desktop or someplace you will remember
Exit Ewido
NOTE: When Ewido is running, don't open any other windows, let it run uninterrupted

Do a "System scan only" with Hijackthis and put a check next to these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MySearch Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZU


After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot back to Normal mode
Post back the following please
1. Run a Scan and save logfile with Hijackthis and post a fresh log
2. Post the whole report from Ewido
3. Post the report from Smitfraudfix again, located at C:\Rapport.txt

In addition to the above, can you also do the following, let's check on that rundll32.exe file
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as find.bat

Save this file on the desktop

 
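Code:
rem Search the whole system drive for every copy of rundll32.exe,
rem including hidden and system files, and save the listing to files.txt
dir %Systemdrive%\rundll32.exe /a /s > files.txt
start notepad files.txt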

Double click on find.bat
It may appear as if nothing is happening, give it a minute, after a bit, a text file should open, can you copy and paste back the whole contents please
« Last Edit: June 05, 2006, 11:33:22 PM by guestolo »



Looie
rundll32.exe
« Reply #4 on: June 06, 2006, 07:10:58 AM »
Gosh that sounds complicated - you must be mighty clever.  I will manage this!
However, I have come unstuck already, I found 'safe mode' which they directly translate to 'mode without failure' in French. But I cannot find the icon or Start>all programs. If it is in the control panel, I cannot access this.
Can you please give me an idea of where I should be looking. I have tried a file search for it but again it is obviously called something else completely in French. If the icon is a 'my computer' type thing, I have never had one of those. Sorry to get stuck so early on! Thanks for your help so far. I hope to manage the rest as it is in English, although I wonder if Prefetch files are called something strange here. Will get aid of bi-lingual children this evening.

guestolo
rundll32.exe
« Reply #5 on: June 06, 2006, 09:02:57 AM »
Just on my way out to work again, I'll check back later to see how you progressed
This may help, if you have problems from English to French
Try a translation tool, nothing to install
Take a look
http://babelfish.altavista.digital.com/



Looie
rundll32.exe
« Reply #6 on: June 06, 2006, 03:58:13 PM »
Logfile of HijackThis v1.99.1
Scan saved at 22:32:00, on 06/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Filseclab\xfilter\xfilter.exe
C:\Program Files\PC MightyMax\pcmm.exe
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Fichiers communs\Filseclab\FilMsg.exe
C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\TypeItIn\TypeItIn.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Climate Change Experiment\boinc.exe
C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3trans_5.08_windows_intelx86.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3transum_5.08_windows_intelx86.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\K-litePro\Plugins\RazaWebHook.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R
O4 - HKCU\..\Run: [a-squared] C:\Program Files\a-squared\a2guard.exe
O4 - Startup: Climate Change Experiment Manager.lnk = C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: TypeItIn.lnk = C:\Program Files\TypeItIn\TypeItIn.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Filseclab Messenger.lnk = ?
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\K-litePro\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IEpal - CleanUp history, search and navigation - {614941A8-F4C6-49F3-AB6B-5EAD14B1029E} - C:\Program Files\IEpal\CIEpal.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: IEpal - Analyze page - {ED889FA5-D5F6-4A74-881A-BC062D730677} - C:\Program Files\IEpal\IEpal.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe


 ewido anti-malware - Rapport de scan
---------------------------------------------------------

 + Créé le:      22:03:31, 06/06/2006
 + Somme de contrôle:   54455328

 + Résultats du scan:

   HKLM\SYSTEM\ControlSet002\Control\SPPInfo\PPSE1IDesc -> Dialer.Generic : Nettoyer et sauvegarder
   C:\Program Files\K-litePro\Downloads\- SnowBall - tradewinds.rar/Setup_toolBar.exe -> Downloader.IstBar.nj : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{00F3F248-D13E-4256-BE8F-D92B255E9B1B} -> Trojan.Small.cy : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{05423ABD-E8DF-4859-8C35-6ED39612F921} -> Adware.Gator : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{0A2D31B8-44C2-42F1-8FD0-93FC87D76CDA} -> Adware.SideFind : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{0B7EAC1C-AAEE-432F-9AC7-B1980D6ECF15} -> Downloader.IstBar.jm : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{15E99E39-23E3-4115-ACFC-E92C34BEC43E} -> Not-A-Virus.Downloader.Win32.WinFixer.b : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{3C400947-B1F7-4E29-92F0-AD7BF24CCDBF} -> Downloader.Dyfuca.dt : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{3E112C74-680D-496C-9088-33935EDE121D} -> Downloader.IstBar.jm : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{46FBC077-C8C1-4838-9E70-0628038026E8} -> Downloader.Dyfuca.ei : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{4973506E-EE68-41B9-BBD0-E9C038776276} -> Adware.Gator : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{4D4A766F-7229-4D66-A496-0C95F6B2D40F} -> Adware.Gator : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{66478FD6-25C2-4E2F-8D93-E0E5D04C8ADB} -> Adware.SideFind : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{68FB70BE-9F6A-48C1-BC35-5A1B76F0B1AE} -> Adware.Gator : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{731C0146-7DFC-46B4-A31F-7E3A1C91019D} -> Downloader.IstBar : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{7966CCA9-748A-425A-AB99-D3688A989AA1} -> Downloader.IstBar.ms : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{7FEAEA7A-39FD-4A42-88E2-3368ED34674A} -> Downloader.Dyfuca.ei : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{8B6AA016-500C-4168-9E43-23078301986A} -> Adware.PowerScan : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{8C683109-C55A-4C4D-82E3-0F775B551006} -> Adware.Gator : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{CA567670-7288-42D5-B7CD-4F55AE62AB3B} -> Adware.EZula : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{CADF08F8-244C-4AF1-B301-41FD97EB7E5C} -> Downloader.IstBar.ij : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{CD74E01C-2C8B-4816-BCAF-2C5C4DAFA9A3} -> Trojan.Small.cy : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{DE860B18-A779-4E65-9EB7-198750128E91} -> Downloader.Dyfuca.dt : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{E096AE63-D006-4EDD-80A0-C69CAAD5F365} -> Adware.SurfAccuracy : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{F0305BB1-3708-4692-A7DD-76DB6836BC31} -> Downloader.Dyfuca : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{F4F1C478-336D-493C-8B84-F0EB113F124E} -> Downloader.Dyfuca : Nettoyer et sauvegarder
   :mozilla.27:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
   :mozilla.34:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
   :mozilla.35:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyer et sauvegarder
   :mozilla.37:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyer et sauvegarder
   :mozilla.38:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
   :mozilla.39:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
   :mozilla.44:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
   :mozilla.45:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
   :mozilla.58:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyer et sauvegarder
   :mozilla.59:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyer et sauvegarder
   :mozilla.61:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder
   :mozilla.62:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder
   :mozilla.65:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.Hitslink : Nettoyer et sauvegarder
   :mozilla.66:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.Hitslink : Nettoyer et sauvegarder
   :mozilla.67:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.Hitslink : Nettoyer et sauvegarder
   :mozilla.68:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.Hitslink : Nettoyer et sauvegarder
   :mozilla.75:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyer et sauvegarder
   :mozilla.82:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
   :mozilla.83:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
   :mozilla.84:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
   :mozilla.93:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyer et sauvegarder
   :mozilla.94:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
   :mozilla.96:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyer et sauvegarder
   :mozilla.98:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyer et sauvegarder
   :mozilla.100:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyer et sauvegarder
   :mozilla.101:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Firefox\Profiles\pdnhk6r0.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyer et sauvegarder
   :mozilla.10:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Googleadservices : Nettoyer et sauvegarder
   :mozilla.23:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
   :mozilla.25:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
   :mozilla.26:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
   :mozilla.27:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
   :mozilla.28:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
   :mozilla.30:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
   :mozilla.31:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
   :mozilla.32:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
   :mozilla.33:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
   :mozilla.34:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
   :mozilla.35:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
   :mozilla.36:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
   :mozilla.37:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
   :mozilla.42:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
   :mozilla.43:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Trafic : Nettoyer et sauvegarder
   :mozilla.58:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
   :mozilla.59:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
   :mozilla.68:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
   :mozilla.75:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Com : Nettoyer et sauvegarder
   :mozilla.76:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Com : Nettoyer et sauvegarder
   :mozilla.83:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Hotlog : Nettoyer et sauvegarder
   :mozilla.96:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder
   :mozilla.97:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder
   :mozilla.98:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Liveperson : Nettoyer et sauvegarder
   :mozilla.99:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Googleadservices : Nettoyer et sauvegarder
   :mozilla.104:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder
   :mozilla.105:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Googleadservices : Nettoyer et sauvegarder
   :mozilla.112:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyer et sauvegarder
   :mozilla.126:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Gator : Nettoyer et sauvegarder
   :mozilla.141:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Adserver : Nettoyer et sauvegarder
   :mozilla.142:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Adserver : Nettoyer et sauvegarder
   :mozilla.144:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Spylog : Nettoyer et sauvegarder
   :mozilla.145:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
   :mozilla.146:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
   :mozilla.147:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Zedo : Nettoyer et sauvegarder
   :mozilla.152:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
   :mozilla.183:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Xxxtoolbar : Nettoyer et sauvegarder
   :mozilla.184:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Xxxtoolbar : Nettoyer et sauvegarder
   :mozilla.194:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
   :mozilla.195:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
   :mozilla.210:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder
   :mozilla.211:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder
   :mozilla.212:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder
   :mozilla.227:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Casalemedia : Nettoyer et sauvegarder
   :mozilla.247:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
   :mozilla.256:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Esomniture : Nettoyer et sauvegarder
   :mozilla.257:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder
   :mozilla.267:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
   :mozilla.278:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Hitslink : Nettoyer et sauvegarder
   :mozilla.279:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Hitslink : Nettoyer et sauvegarder
   :mozilla.280:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Hitslink : Nettoyer et sauvegarder
   :mozilla.281:D:\sauvegarde\Documents and Settings\Louise and Dave\Application Data\Mozilla\Profiles\default\v7i2vgk2.slt\cookies.txt -> TrackingCookie.Hitslink : Nettoyer et sauvegarder
   D:\sauvegarde\Documents and Settings\Louise and Dave\Cookies\louise and dave@com[2].txt -> TrackingCookie.Com : Nettoyer et sauvegarder
   D:\sauvegarde\Documents and Settings\Louise and Dave\Cookies\louise and dave@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkikodzcfoaqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Nettoyer et sauvegarder
   D:\sauvegarde\Documents and Settings\Louise and Dave\Cookies\louise and dave@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiukcjafpgudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Nettoyer et sauvegarder
   D:\sauvegarde\Documents and Settings\Louise and Dave\Cookies\louise and dave@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkokkajakqqidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyer et sauvegarder
   D:\sauvegarde\Documents and Settings\Louise and Dave\Cookies\louise and dave@y-1shz2prbmdj6wvny-1sez2pra2dj6wfliupdzaloqidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyer et sauvegarder
   D:\sauvegarde\Documents and Settings\Louise and Dave\Cookies\louise and dave@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlokmc5aepgidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyer et sauvegarder
   D:\sauvegarde\Documents and Settings\Louise and Dave\Cookies\louise and dave@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlykjdjgaqasdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyer et sauvegarder


::Fin du rapport

SmitFraudFix v2.54

Rapport fait à 20:53:53,45, 06/06/2006
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

[HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINDOWS\system32\imfdfcj.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINDOWS\system32\imfdfcj.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\atmclk.exe supprimé
C:\WINDOWS\system32\dcomcfg.exe supprimé
C:\WINDOWS\system32\hp???.tmp supprimé
C:\WINDOWS\system32\imfdfcj.dll supprimé
C:\WINDOWS\system32\ld????.tmp supprimé
C:\WINDOWS\system32\ot.ico supprimé
C:\WINDOWS\system32\regperf.exe supprimé
C:\WINDOWS\system32\simpole.tlb supprimé
C:\WINDOWS\system32\stdole3.tlb supprimé
C:\WINDOWS\system32\ts.ico supprimé
C:\WINDOWS\system32\1024\ supprimé
C:\DOCUME~1\ADMINI~1\Favoris\Antivirus Test Online.url supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\imfdfcj.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé.
 
»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



Hope this is OK, 2 files you wanted me to check in the hijackthis were not there ;-
RO - HKCU\Software\Microsft\Internet Explorer\Main,Local Page = \blank.htm - I had one similar ending with
Main,Window Title = Wanadoo.  I did not check it as it was not exactly the same.
Also I did not have
o2-BHO:Nothing -{6ab7158b-4bff..............\hp100.tmp

Re txt file:-

 Le volume dans le lecteur C n'a pas de nom.
 Le numéro de série du volume est FC59-A376

 Répertoire de C:\Documents and Settings\Administrateur\Bureau

11/01/2005  10:21            33 792 rundll32.exe
               1 fichier(s)           33 792 octets

 Répertoire de C:\WINDOWS\system32\dllcache

11/01/2005  10:20            32 256 rundll32.exe
               1 fichier(s)           32 256 octets


Translators do not really help as computer jargon is not a direct translation.  I was having a mad moment and did not realise the Clean up program was English.  I am feeling better now.

Offline guestolo

rundll32.exe
« Reply #7 on: June 06, 2006, 10:54:20 PM »
Looie, that's looking good, however, I don't think you properly ran CleanUp!
Can you do this one more time please
Open CleanUp!>>Run the program, ensure you are NOT running demo mode
Reboot the computer afterwards
On restart, it may be a bit slower, that will increase on next bootup

Let me know how everything's running please, just some final steps and we should be done here


I'm a little concerned as to where you downloaded rundll32.exe from, however, it does look legit
the Dllcache folder is a hidden folder, can you ensure you have Windows set to show hidden files and folders
Navigate to this folder
C:\WINDOWS\system32\dllcache

Right click on rundll32.exe and select Copy
Then PASTE it to the following folder

C:\WINDOWS\system32

Let me know how everything's running please
« Last Edit: June 06, 2006, 11:00:04 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Looie

rundll32.exe
« Reply #8 on: June 07, 2006, 03:48:41 AM »
I have done the above.  I can now get into my control panel and have no annoying ads so far.
However, my incredimail is shutting down after about 5-10 minutes - the fault says,

Exception: ACCESS_VIOLATION (C0000005) - on reading from 00000000
Faulting Offset: 0000EFE5
Module: IMApp.exe

0000EFE5     IMApp.exe

I have reinitiated my spyware.

Are you able to tell if I had anything nasty i.e. virus etc before which you have now fixed? Or was it just adware stuff?

The rundll32 file came from a link on the topic, http://www.spywareinfo.com/~merijn/winfiles.html#rundll32

Offline guestolo

rundll32.exe
« Reply #9 on: June 07, 2006, 11:53:00 AM »
I can't find too much info on that except relationship to Asquared
Can you disable the A-Squared guard completely and then reboot the computer and see if you still get the same error message



Offline Looie

rundll32.exe
« Reply #10 on: June 09, 2006, 03:53:40 AM »
I left it on all day and everything seems to be fine - many thanks.
When I run a scan I still see a few errors, but as it is running Ok will leave them.
Thanks again.

Offline guestolo

rundll32.exe
« Reply #11 on: June 10, 2006, 02:10:22 AM »
Quote
When I run a scan I still see a few errors,

What are we talking about with the above?
