PDA

View Full Version : pleasee some one is able to help me!!!


fierroga
2008-06-05, 03:00
hi i ad installed malwarebytes... and the scan said:

Malwarebytes' Anti-Malware 1.14
Versión de la Base de Datos: 826

1:44:00 05/06/2008
mbam-log-6-5-2008 (01-43-50).txt

Tipo de examen : Examen Completo (C:\|G:\|)
Objetos examinados: 118353
Tiempo transcurrido: 19 minute(s), 10 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 2
Claves del Registro Infectadas: 19
Valores del Registro Infectados: 3
Elementos de Datos del Registro Infectados: 2
Carpetas Infectadas: 0
Ficheros Infectados: 6

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
C:\WINDOWS\system32\geBuUlJD.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yayyXQjH.dll (Trojan.Vundo) -> No action taken.

Claves del Registro Infectadas:
HKEY_CLASSES_ROOT\CLSID\{3935b537-3e6d-04ed-abb3-acb16a699e3b} (Rogue.Multiple) -> No action taken.
HKEY_CLASSES_ROOT\AppID\AntiSpyKit.EXE (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\ask.enginelistener (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\ask.scanner (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\ask.threatcollection (Rogue.AntiSpyKit) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3713f9ee-c059-4540-b697-987ef263a088} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3713f9ee-c059-4540-b697-987ef263a088} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebuuljd (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{16f18670-7b58-406d-b47b-5b166c60ce67} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16f18670-7b58-406d-b47b-5b166c60ce67} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Valores del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d86e6f27 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMdb5d5cbb (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3713f9ee-c059-4540-b697-987ef263a088} (Trojan.Vundo) -> No action taken.

Elementos de Datos del Registro Infectados:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayyxqjh -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
C:\WINDOWS\system32\ghadujay.dll_old (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\tspigucs.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\dalbnaxh.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\geBuUlJD.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yayyXQjH.dll (Trojan.Vundo) -> No action taken.
////////////////////////////////////////////////////////////////////////////////////////


if i remove it an error rundll appears, on starts of windows, so i dont know

if you can tell me what can i do:red::red: thanks

pd: sorry about my english:lip:
shelf life
2008-06-06, 02:51
hi,

no replies because you missed this:

HiJackThis log - Trend Micro HijackThis 2.0.2
download HJTInstall.exe:
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

* Save HJTInstall.exe to your desktop.
* Doubleclick on the HJTInstall.exe icon on your desktop.
* By default it will install to C:\Program Files\Trend Micro\HijackThis .
* Click on Install.
* It will create a HijackThis icon on the desktop.
* Once installed, it will launch Hijackthis.
* Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
* Click on "Edit > Select All" then click on "Edit > Copy" and Paste the entire contents of the log (no attachments) into your (Click --> ) own new topic

* DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
* DO NOT have Hijackthis fix anything yet. Most of what HJT lists will be harmless or even required by your Operating System, a helper will guide you.