[Solved] TR/Vundo.FIX and TR/Monder.34304.4 infection - Security - Viruses
TomsGuide.com: 700,000 members answer all your high-tech and computing questions.
Profile: IDNaute

Good evening everyone,

On a friend's computer, AntiVir has detected at least two problems:
Vundo and Monder.

Can anyone help me?

Here is the HijackThis report:

Quote:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:24, on 2008-09-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\system32\V0230Mon.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Damien\Mes documents\hijackthis\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/firefox?clien [...] mozilla:fr:official
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0545C48E-CDEA-41F2-97A9-6F044613878E} - (no file)
O2 - BHO: (no name) - {09CD5BBB-773C-49E4-989B-51F9A8BB37A6} - (no file)
O2 - BHO: (no name) - {0CD652AC-831A-45A2-B1EE-5642B572337B} - (no file)
O2 - BHO: (no name) - {264CD176-CB20-4249-B1C1-C7D7447BE536} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7c93d37d-e670-4a01-8e41-a1b000ceef7d} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {f01223d5-bea6-be08-17f4-f273e6d5a18a} - {a81a5d6e-372f-4f71-80eb-6aeb5d32210f} - C:\WINDOWS\system32\xtcrbq.dll
O2 - BHO: (no name) - {AA62D208-49D4-4E93-A2D9-11BEE36B8CF5} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {B93ABF8B-F327-4286-84B6-D00700CB8AD1} - C:\WINDOWS\system32\opnOgFXp.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D17EC20D-4207-47CE-AFB5-1C950E1C8DE9} - (no file)
O2 - BHO: (no name) - {E1DA6974-4B55-4158-91FB-4EEF76309791} - C:\WINDOWS\system32\jkkKaxVp.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Love default global mess] C:\Documents and Settings\All Users\Application Data\great coal love default\media stop.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [a45bb28a] rundll32.exe "C:\WINDOWS\system32\mtxodeyy.dll",b
O4 - HKLM\..\Run: [BMa7688116] Rundll32.exe "C:\WINDOWS\system32\fjrohyhs.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [1caf53c8a4a8ca5185e64a6ee56e0c93] C:\DOCUME~1\Damien\MESDOC~1\MESFIC~1\18WHEE~1.EXE /r
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/p [...] nicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 7423193687
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O20 - Winlogon Notify: jkkKaxVp - C:\WINDOWS\SYSTEM32\jkkKaxVp.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 10413 bytes



Thanks in advance for your usual and invaluable insights :D


Message edited by Chre on 16-09-2008 at 07:08:40

---------------
--
See you,
Christian.
<@_@>
Profile: Helper

Good evening,
Nice infection. Do you have the PC at hand? If not, tell your friend to register and come post in this thread. That will be simpler.

Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan has finished, a window opens; click OK. There are then two possibilities:

-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Illustrated tutorial on MBAM


---------------
Prevention and protection
/!\ Fed up with ads: secured Firefox /!\
Profile: IDNaute

Good evening Sham_Rock, good evening everyone,

Indeed, I will check with him whether he can handle this directly; otherwise, I will keep acting as the go-between.

In any case, thank you for your help and your reply, and sorry for the resulting delay.

See you soon,
Christian.


Message edited by Chre on 03-09-2008 at 18:25:33

---------------
--
See you,
Christian.
<@_@>
Profile: Helper

Hello,
if you wait too long, a reformat is guaranteed,
unless your friend stops browsing; otherwise, the longer he stays connected, the more infected the machine will get. :/


---------------
Prevention and protection
/!\ Fed up with ads: secured Firefox /!\
Profile: IDNaute

Good evening everyone, good evening Sham_Rock,

It was not without difficulty: 3 h 30 of processing, after a lot of trouble downloading and installing Malwarebytes' Anti-Malware. Being remote, I could not do it in safe mode.

Here is the result:

Quote:

Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1118
Windows 5.1.2600 Service Pack 2

2008-09-06 01:38:47
mbam-log-2008-09-06 (01-38-40).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 149039
Temps écoulé: 3 hour(s), 36 minute(s), 35 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 22
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 60

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\opnOgFXp.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jkkKaxVp.dll (Trojan.Vundo.H) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3dcec36e-be30-44bf-be58-fc62c674de11} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3dcec36e-be30-44bf-be58-fc62c674de11} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9096068b-daa7-4242-b95b-4489141f53d7} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9096068b-daa7-4242-b95b-4489141f53d7} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e1da6974-4b55-4158-91fb-4eef76309791} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkkaxvp (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e1da6974-4b55-4158-91fb-4eef76309791} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\pbfrv2.pbfrv2 (Adware.2020Search) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e1da6974-4b55-4158-91fb-4eef76309791} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bma7688116 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a45bb28a (Trojan.Vundo) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnogfxp -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnogfxp -> No action taken.

Dossier(s) infecté(s):
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\ecoevu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\opnOgFXp.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\pXFgOnpo.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\pXFgOnpo.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jkkKaxVp.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\eqgrbyyq.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\qyybrgqe.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fccccCTL.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\LTCccccf.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\LTCccccf.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fccdDUmj.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jmUDdccf.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jmUDdccf.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\hnnbewli.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ilwebnnh.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ianbkvkx.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\xkvkbnai.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\iifCuvst.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\tsvuCfii.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\tsvuCfii.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kkorcmmu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ummcrokk.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\nttlkbex.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\xebklttn.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\tuvWqRKB.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\BKRqWvut.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\BKRqWvut.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wvUKbCrP.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\PrCbKUvw.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\PrCbKUvw.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\xxyyyWOF.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\FOWyyyxx.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\FOWyyyxx.ini2 (Trojan.Vundo.H) -> No action taken.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Documents and Settings\Anita\Local Settings\Temporary Internet Files\Content.IE5\EWRWEQEM\kb65666[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Anita\Local Settings\Temporary Internet Files\Content.IE5\FUI1I7VR\kb767887[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Anita\Local Settings\Temporary Internet Files\Content.IE5\M3MDITSD\kb456456[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Calix\Local Settings\Temporary Internet Files\Content.IE5\0Q3MJ16F\kb767887[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Calix\Local Settings\Temporary Internet Files\Content.IE5\DYL0AD24\kb456456[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Calix\Local Settings\Temporary Internet Files\Content.IE5\K7PHQC7E\kb65666[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Damien\Local Settings\Temp\Répertoire temporaire 1 pour xpand rally xtreme demo.zip\Setup.exe (Adware.Agent) -> No action taken.
C:\Documents and Settings\Damien\Local Settings\Temporary Internet Files\Content.IE5\2068QFZ9\cntr[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Damien\Local Settings\Temporary Internet Files\Content.IE5\Y1SPS1JF\nd82m0[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Damien\Local Settings\Temporary Internet Files\Content.IE5\Y1SPS1JF\kb65666[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Damien\Mes documents\Mes fichiers reçus\logiciel\PLAY_MP3.exe (Adware.PlayMp3z) -> No action taken.
C:\Documents and Settings\Hugo\Local Settings\Temporary Internet Files\Content.IE5\AHV90ZC1\kb65666[1] (Trojan.Vundo) -> No action taken.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\Thumbs.db (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\hojeyeyo.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BMa7688116.xml (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BMa7688116.txt (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fccYsrRk.dll (Trojan.Vundo) -> No action taken.


---------------
--
See you,
Christian.
<@_@>
Profile: Helper

Hello,

You misread the procedure:
in your report:

Quote:

C:\WINDOWS\system32\ecoevu.dll (Trojan.Vundo.H) -> No action taken.


When the tool has found something, at the end you have to click "Remove Selected".

Please start again.


---------------
Prevention and protection
/!\ Fed up with ads: secured Firefox /!\
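
The check made in the reply above (every entry ending in "No action taken." means the removal step was never applied) can be automated. The following is an added example, not part of the original thread and not Malwarebytes code: a small parser for this report format, run on excerpts copied from the two reports posted in this thread. The names `parse_report`, `triage`, `pending_items` and `verdict` are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# Excerpts copied from the two reports in this thread (first run, then rerun).
FIRST_REPORT = r"""
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\opnOgFXp.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jkkKaxVp.dll (Trojan.Vundo.H) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a45bb28a (Trojan.Vundo) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnogfxp -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\ecoevu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> No action taken.
"""

SECOND_REPORT = r"""
Memory Modules Infected:
C:\WINDOWS\system32\opnOgFXp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ecoevu.dll (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnogfxp -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\opnOgFXp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pXFgOnpo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
"""


class Finding(NamedTuple):
    section: str          # header the entry was listed under
    item: str             # file path or registry path
    detection: str        # e.g. Trojan.Vundo.H
    data: Optional[str]   # only set for "registry data" entries
    action: str           # what the tool did with the item


# "<item> (<detection>) -> [Data: <data> -> ]<action>."
ENTRY = re.compile(
    r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>[^>]+?)\.?$"
)

# Action strings as they appear in the two reports of this thread.
STATUS = {
    "No action taken": "untreated",
    "Delete on reboot": "pending_reboot",
    "Quarantined and deleted successfully": "removed",
}


def parse_report(text):
    """Return one Finding per detection line, tagged with its section."""
    section, findings = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            findings.append(Finding(section, m["item"], m["detection"],
                                    m["data"], m["action"]))
        elif line.endswith(":"):   # section header; summary counts end in a number
            section = line[:-1]
    return findings


def triage(findings):
    """Group findings by remediation status; unknown actions are kept apart."""
    buckets = {"untreated": [], "pending_reboot": [], "removed": [], "unknown": []}
    for f in findings:
        buckets[STATUS.get(f.action, "unknown")].append(f)
    return buckets


def pending_items(findings):
    """Unique items to re-check after the reboot (paths are case-insensitive)."""
    return sorted({f.item.lower() for f in triage(findings)["pending_reboot"]})


def verdict(findings):
    b = triage(findings)
    if not findings:
        return "nothing detected"
    if b["untreated"] or b["unknown"]:
        return "removal not applied: rerun the scan and remove the detections"
    if b["pending_reboot"]:
        return "reboot required to finish removal"
    return "all detections removed"


if __name__ == "__main__":
    for name, report in (("first", FIRST_REPORT), ("second", SECOND_REPORT)):
        print(name, "->", verdict(parse_report(report)))
```
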
Profile: IDNaute

Hello Sham_Rock,

Yes, I also spotted my mistake this morning: I have to say that at 1:45 a.m. I was no longer thinking clearly :(

But I have also arranged to get the computer here, which will be easier. So I will redo the procedure and post the new report.


---------------
--
See you,
Christian.
Profile: IDNaute

Re Sham_Rock,

As agreed, here is the full Malwarebytes' Anti-Malware report,
run in safe mode and with the requested cleanup performed.

Quote:

Malwarebytes' Anti-Malware 1.26
Database version: 1119
Windows 5.1.2600 Service Pack 2

06/09/2008 22:26:05
mbam-log-2008-09-06 (22-26-05).txt

Scan type: Full Scan (C:\|)
Objects scanned: 189045
Time elapsed: 2 hour(s), 30 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 23
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 94

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\opnOgFXp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ecoevu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jkkKaxVp.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3dcec36e-be30-44bf-be58-fc62c674de11} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dcec36e-be30-44bf-be58-fc62c674de11} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6fba11ac-d1b1-4ba7-a2b2-884dc440e2c7} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6fba11ac-d1b1-4ba7-a2b2-884dc440e2c7} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e1da6974-4b55-4158-91fb-4eef76309791} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkkaxvp (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e1da6974-4b55-4158-91fb-4eef76309791} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\pbfrv2.pbfrv2 (Adware.2020Search) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{10840e9a-9af4-4a93-9291-a8c46187fdf7} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{733fb71a-0be0-40d4-ab62-9363dc8ef188} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a48527e4-cc46-43b8-a072-2167f3e8b627} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{623a7bbd-cebc-4a44-bacd-450188cf0ff6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{30fe99e9-ca4b-4bd5-855f-bad4ba0200b0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0fae9dca-8df8-45bd-a43a-03b262974ee8} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d0e1d989-a98b-4d1d-904f-ec9662891ceb} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e1da6974-4b55-4158-91fb-4eef76309791} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bma7688116 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a45bb28a (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnogfxp -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnogfxp -> Delete on reboot.

Folders Infected:
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\ecoevu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\opnOgFXp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pXFgOnpo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pXFgOnpo.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkKaxVp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\eqgrbyyq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qyybrgqe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccccCTL.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LTCccccf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LTCccccf.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccdDUmj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jmUDdccf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jmUDdccf.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hnnbewli.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ilwebnnh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ianbkvkx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xkvkbnai.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifCuvst.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tsvuCfii.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tsvuCfii.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kkorcmmu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ummcrokk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nttlkbex.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xebklttn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvWqRKB.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BKRqWvut.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BKRqWvut.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUKbCrP.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PrCbKUvw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PrCbKUvw.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyyyWOF.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FOWyyyxx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FOWyyyxx.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anita\Local Settings\Temporary Internet Files\Content.IE5\EWRWEQEM\kb65666[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anita\Local Settings\Temporary Internet Files\Content.IE5\FUI1I7VR\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anita\Local Settings\Temporary Internet Files\Content.IE5\M3MDITSD\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Damien\Local Settings\Temp\Répertoire temporaire 1 pour xpand rally xtreme demo.zip\Setup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Damien\Local Settings\Temporary Internet Files\Content.IE5\2068QFZ9\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Damien\Local Settings\Temporary Internet Files\Content.IE5\Y1SPS1JF\kb65666[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Damien\Local Settings\Temporary Internet Files\Content.IE5\Y1SPS1JF\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Damien\Mes documents\Mes fichiers reçus\logiciel\PLAY_MP3.exe (Adware.PlayMp3z) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hugo\Local Settings\Temporary Internet Files\Content.IE5\AHV90ZC1\kb65666[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP398\A0036733.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP402\A0037132.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP404\A0037384.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP405\A0037473.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP405\A0037474.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bjuwoqcn.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bqhegius.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fateub.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccYsrRk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fxvtbauy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ijcqauqf.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ivpxxwwi.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jesbgkhy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kuroxeln.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mbwlie.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcsvcf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nfkpeg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nfqngwen.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nijvcaed.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nrktnnah.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntkgdn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oafbrd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oqddonqs.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pdrreprp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pkigsope.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qujrtsif.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rvnivbtr.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smouvtto.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vjqqgj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xjmyxsbc.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xrlneh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xupvbwmi.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yjbeqsit.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yjdyei.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yrpaxjrj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ywvguitg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zobcnr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ztvspy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successful