03/02/08, 04:00:08
sam084
User

Joined: Jan 2008
Location: Mexico
Posts: 24
Re: Help removing CFGBKEN.DLL !!!

Good evening.. thank you, the virus cpaskzvq.dll has now been removed !!!

I am very grateful to you all, I will no longer have to format the computer.
Well, I am adding the LOG output:


ComboFix 08-02.03.1 - Mantenimiento 2008-02-03 0:49:19.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.62 [GMT -7:00]
Running from: C:\Documents and Settings\Mantenimiento\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mantenimiento\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\drivers\cpaskzvq.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\cpaskzvq.dat . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.

2008-02-02 20:02 . 2008-02-02 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-02 19:57 . 2008-02-02 20:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-02 19:57 . 2008-02-02 19:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-02 19:57 . 2008-02-02 19:57 <DIR> d-------- C:\Documents and Settings\Mantenimiento\Application Data\SUPERAntiSpyware.com
2008-01-31 17:46 . 2008-01-31 17:46 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-30 18:29 . 2008-01-30 18:29 <DIR> d-------- C:\Documents and Settings\Mantenimiento\Application Data\Symantec
2008-01-30 18:10 . 2008-02-02 22:54 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-01-30 18:10 . 2008-01-30 18:10 <DIR> d-------- C:\Documents and Settings\Operador\Application Data\Symantec
2008-01-30 17:22 . 2008-01-30 17:22 268 --ah----- C:\sqmdata17.sqm
2008-01-30 17:22 . 2008-01-30 17:22 244 --ah----- C:\sqmnoopt17.sqm
2008-01-29 19:42 . 2008-01-29 19:42 268 --ah----- C:\sqmdata16.sqm
2008-01-29 19:42 . 2008-01-29 19:42 244 --ah----- C:\sqmnoopt16.sqm
2008-01-28 11:43 . 2008-01-28 11:43 268 --ah----- C:\sqmdata15.sqm
2008-01-28 11:43 . 2008-01-28 11:43 244 --ah----- C:\sqmnoopt15.sqm
2008-01-28 08:59 . 2008-01-28 08:59 268 --ah----- C:\sqmdata14.sqm
2008-01-28 08:59 . 2008-01-28 08:59 244 --ah----- C:\sqmnoopt14.sqm
2008-01-23 17:42 . 2008-01-30 22:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-23 17:42 . 2008-01-23 17:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-11 17:08 . 2008-01-11 17:08 268 --ah----- C:\sqmdata13.sqm
2008-01-11 17:08 . 2008-01-11 17:08 244 --ah----- C:\sqmnoopt13.sqm
2008-01-11 10:48 . 2008-01-11 10:48 268 --ah----- C:\sqmdata12.sqm
2008-01-11 10:48 . 2008-01-11 10:48 244 --ah----- C:\sqmnoopt12.sqm
2008-01-10 16:39 . 2008-01-10 16:39 268 --ah----- C:\sqmdata11.sqm
2008-01-10 16:39 . 2008-01-10 16:39 244 --ah----- C:\sqmnoopt11.sqm
2008-01-09 18:37 . 2008-01-09 18:37 268 --ah----- C:\sqmdata10.sqm
2008-01-09 18:37 . 2008-01-09 18:37 244 --ah----- C:\sqmnoopt10.sqm
2008-01-08 17:10 . 2008-01-08 17:10 268 --ah----- C:\sqmdata09.sqm
2008-01-08 17:10 . 2008-01-08 17:10 244 --ah----- C:\sqmnoopt09.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 05:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-03 05:58 --------- d-----w C:\Program Files\Symantec
2008-02-03 05:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-27 10:00 --------- d-----w C:\Documents and Settings\Operador\Application Data\AdwareAlert
2007-12-11 01:35 19,456 ----a-w C:\WINDOWS\system32\drivers\cpaskzvq.dat
2007-10-09 23:20 21,280 ----a-w C:\Documents and Settings\Operador\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 05:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:21 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-07 18:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2005-01-27 10:17 1381376 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-01-11 07:08 577536 C:\WINDOWS\SOUNDMAN.EXE

R1 CBUL32;Measurement Computing DataAcq;C:\WINDOWS\system32\drivers\CBUL32.SYS [2006-01-06 04:59]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-30 02:36:31 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-12-17 19:42:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 00:52:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-02-03 0:53:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-03 07:52:59
ComboFix2.txt 2008-02-03 06:00:38
.
2008-02-01 00:47:43 --- E O F ---