Old 03/02/08, 02:10:08
sam084 is offline
User

Registered: Jan 2008
Location: Mexico
Posts: 24
Re: Help removing CFGBKEN.DLL !!!

OK, here is the report that CF gave me:
(I had some problems with Norton Antivirus when CF tried to generate the report, but I uninstalled it and it gave me the report on the second attempt)

ComboFix 08-02.03.1 - Mantenimiento 2008-02-02 22:58:02.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.78 [GMT -7:00]
Running from: C:\Documents and Settings\Mantenimiento\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\cfgbken.dll
C:\WINDOWS\system32\drivers\cpaskzvq.dat . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_JZRZINTQ
-------\jzrzintq




((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.

2008-02-02 20:02 . 2008-02-02 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-02 19:57 . 2008-02-02 20:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-02 19:57 . 2008-02-02 19:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-02 19:57 . 2008-02-02 19:57 <DIR> d-------- C:\Documents and Settings\Mantenimiento\Application Data\SUPERAntiSpyware.com
2008-01-31 17:46 . 2008-01-31 17:46 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-30 18:59 . 2008-01-30 18:59 <DIR> d-------- C:\Program Files\SymNetDrv
2008-01-30 18:29 . 2008-01-30 18:29 <DIR> d-------- C:\Documents and Settings\Mantenimiento\Application Data\Symantec
2008-01-30 18:10 . 2008-02-02 22:54 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-01-30 18:10 . 2008-01-30 18:10 <DIR> d-------- C:\Documents and Settings\Operador\Application Data\Symantec
2008-01-30 17:22 . 2008-01-30 17:22 268 --ah----- C:\sqmdata17.sqm
2008-01-30 17:22 . 2008-01-30 17:22 244 --ah----- C:\sqmnoopt17.sqm
2008-01-29 19:42 . 2008-01-29 19:42 268 --ah----- C:\sqmdata16.sqm
2008-01-29 19:42 . 2008-01-29 19:42 244 --ah----- C:\sqmnoopt16.sqm
2008-01-28 11:43 . 2008-01-28 11:43 268 --ah----- C:\sqmdata15.sqm
2008-01-28 11:43 . 2008-01-28 11:43 244 --ah----- C:\sqmnoopt15.sqm
2008-01-28 08:59 . 2008-01-28 08:59 268 --ah----- C:\sqmdata14.sqm
2008-01-28 08:59 . 2008-01-28 08:59 244 --ah----- C:\sqmnoopt14.sqm
2008-01-23 17:42 . 2008-01-30 22:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-23 17:42 . 2008-01-23 17:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-11 17:08 . 2008-01-11 17:08 268 --ah----- C:\sqmdata13.sqm
2008-01-11 17:08 . 2008-01-11 17:08 244 --ah----- C:\sqmnoopt13.sqm
2008-01-11 10:48 . 2008-01-11 10:48 268 --ah----- C:\sqmdata12.sqm
2008-01-11 10:48 . 2008-01-11 10:48 244 --ah----- C:\sqmnoopt12.sqm
2008-01-10 16:39 . 2008-01-10 16:39 268 --ah----- C:\sqmdata11.sqm
2008-01-10 16:39 . 2008-01-10 16:39 244 --ah----- C:\sqmnoopt11.sqm
2008-01-09 18:37 . 2008-01-09 18:37 268 --ah----- C:\sqmdata10.sqm
2008-01-09 18:37 . 2008-01-09 18:37 244 --ah----- C:\sqmnoopt10.sqm
2008-01-08 17:10 . 2008-01-08 17:10 268 --ah----- C:\sqmdata09.sqm
2008-01-08 17:10 . 2008-01-08 17:10 244 --ah----- C:\sqmnoopt09.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 05:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-03 05:58 --------- d-----w C:\Program Files\Symantec
2008-02-03 05:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-27 10:00 --------- d-----w C:\Documents and Settings\Operador\Application Data\AdwareAlert
2007-12-11 01:35 19,456 ----a-w C:\WINDOWS\system32\drivers\cpaskzvq.dat
2007-11-07 09:50 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-09 23:20 21,280 ----a-w C:\Documents and Settings\Operador\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 05:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:21 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-07 18:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2005-01-27 10:17 1381376 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-01-11 07:08 577536 C:\WINDOWS\SOUNDMAN.EXE

R1 CBUL32;Measurement Computing DataAcq;C:\WINDOWS\system32\drivers\CBUL32.SYS [2006-01-06 04:59]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-30 02:36:31 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-12-17 19:42:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 22:59:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-02 23:00:38
ComboFix-quarantined-files.txt 2008-02-03 06:00:29
.
2008-02-01 00:47:43 --- E O F ---