• Registrarse
  • Iniciar sesión


  • Resultados 1 al 4 de 4

    Virus Folkanjekyrw.exe

    pfffffffff amigo ya somos doooooooooooooos!!! help!!!...

    1. #1
      Usuario Avatar de chagorracho
      Registrado
      oct 2012
      Ubicación
      mexico
      Mensajes
      2

      Virus Folkanjekyrw.exe

      pfffffffff amigo ya somos doooooooooooooos!!! help!!!

    2. #2
      Developer Avatar de Dany3j
      Registrado
      mar 2011
      Ubicación
      China
      Mensajes
      6.652

      Re: Virus Folkanjekyrw.exe

      Bienvenido.

      Realiza lo siguiente:

      - Descarga la herramienta ComboFix.exe y guárdala en el escritorio.

      • Desactiva temporalmente el Antivirus y/o Antispyware.
      • Cierra todas las ventanas abiertas.
      • Hacele doble clic al archivo ComboFix.exe y seguí las instrucciones.
      • Cuando termine, generara un registro en C:\ComboFix.txt.
        • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
        • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.
        • *Nota* No vuelvas a utilizar ComboFix ni ningun otro programa antivirus hasta que no te de una respuesta.

      Atención!! No use ComboFix a menos que se le haya indicado específicamente en su mensaje por un integrante de nuestro Staff. Es una herramienta de gran alcance destinada por su creador a ser usada bajo la orientación y supervisión de un experto, no para uso privado. El uso de ComboFix incorrectamente podría generar problemas en su sistema. Por favor, lea las "Negaciones de la Garantía" de ComboFix.


      El reporte generado, se encuentra en C:\ComboFix.txt . Abrilo, seleccionas Todo y lo copias y pegas en Tu próxima respuesta.

      Me tope con un gato negro y tuve que desviarme por el camino largo.

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    3. #3
      Usuario Avatar de chagorracho
      Registrado
      oct 2012
      Ubicación
      mexico
      Mensajes
      2

      Re: Virus Folkanjekyrw.exe

      waaaaao thanks brooo se borro el condenado archivo!!! segun yo ya quedo el mio y te dejo el blog.



      ComboFix 12-09-30.03 - chagorracho quad 01/10/2012 17:05:41.1.4 - x64
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.52.3082.18.3564.1908 [GMT -5:00]
      Running from: c:\users\chagorracho quad\Downloads\ComboFix.exe
      AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
      SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\program files (x86)\BrowserCompanion
      c:\program files (x86)\BrowserCompanion\BCHelper.exe
      c:\program files (x86)\BrowserCompanion\blabbers-ch.crx
      c:\program files (x86)\BrowserCompanion\blabbers-ff-full.xpi
      c:\program files (x86)\BrowserCompanion\jsloader.dll
      c:\program files (x86)\BrowserCompanion\logo.ico
      c:\program files (x86)\BrowserCompanion\sqlite3.dll
      c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
      c:\program files (x86)\BrowserCompanion\toolbar.dll
      c:\program files (x86)\BrowserCompanion\uninstall.exe
      c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll
      c:\program files (x86)\BrowserCompanion\updater.ini
      c:\program files (x86)\BrowserCompanion\widgetserv.exe
      c:\users\chagorracho quad\folkanjekyrw.exe
      c:\windows\SysWow64\Msglixgrx.dll
      c:\windows\SysWow64\muzapp.exe
      c:\windows\SysWow64\Temp
      c:\windows\SysWow64\Temp\em023_32.dat
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-09-01 to 2012-10-01 )))))))))))))))))))))))))))))))
      .
      .
      2012-10-01 22:19 . 2012-10-01 22:19 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-09-28 18:22 . 2012-09-28 18:22 -------- d-----w- c:\users\chagorracho quad\Tracing
      2012-09-28 14:49 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{288FA4F9-1FCB-480B-BF9D-7F94A8A0445F}\mpengine.dll
      2012-09-26 06:30 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
      2012-09-17 00:56 . 2012-09-17 00:56 -------- d-----w- C:\found.001
      2012-09-14 07:08 . 2012-09-14 07:08 -------- d-----w- c:\program files (x86)\Common Files\Skype
      2012-09-14 07:08 . 2012-09-14 07:08 -------- d-----r- c:\program files (x86)\Skype
      2012-09-11 22:02 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
      2012-09-11 22:02 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
      2012-09-11 22:02 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
      2012-09-11 22:02 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
      2012-09-11 22:02 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
      2012-09-11 22:02 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
      2012-09-11 22:02 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
      2012-09-08 05:41 . 2012-09-08 05:41 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-09-24 19:39 . 2012-04-03 14:27 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2012-09-24 19:39 . 2012-04-03 14:27 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2012-09-12 06:34 . 2012-04-28 00:17 64462936 ----a-w- c:\windows\system32\MRT.exe
      2012-08-05 02:36 . 2012-08-05 02:36 27760 ----a-w- c:\windows\system32\drivers\ggsemc.sys
      2012-08-05 02:36 . 2012-08-05 02:36 14448 ----a-w- c:\windows\system32\drivers\ggflt.sys
      2012-07-22 19:46 . 2012-07-22 19:46 40960 ----a-r- c:\users\chagorracho quad\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
      2012-07-22 19:46 . 2012-07-22 19:46 40960 ----a-r- c:\users\chagorracho quad\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
      2012-07-18 18:15 . 2012-08-16 03:38 3148800 ----a-w- c:\windows\system32\win32k.sys
      2012-07-06 20:07 . 2012-08-16 05:04 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
      2012-07-04 22:16 . 2012-08-16 03:38 73216 ----a-w- c:\windows\system32\netapi32.dll
      2012-07-04 22:13 . 2012-08-16 03:38 59392 ----a-w- c:\windows\system32\browcli.dll
      2012-07-04 22:13 . 2012-08-16 03:38 136704 ----a-w- c:\windows\system32\browser.dll
      2012-07-04 21:14 . 2012-08-16 03:38 41984 ----a-w- c:\windows\SysWow64\browcli.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
      "cdloader"="c:\users\chagorracho quad\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
      "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-03 21432]
      "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-03 975288]
      "Facebook Update"="c:\users\chagorracho quad\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
      "Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-05-31 445624]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-03 3524536]
      "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
      "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 0 (0x0)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      "PromptOnSecureDesktop"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
      "LoadAppInit_DLLs"=0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
      "aux2"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
      "HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
      .
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R2 gupdate;Google Update Servicio (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-30 116648]
      R2 NEWDRIVER;NEWDRIVER;c:\windows\SysWow64\WinVDEdrv6.sys [x]
      R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
      R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-24 250288]
      R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-08-05 14448]
      R3 gupdatem;Google Update Servicio (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-30 116648]
      R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
      R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-08 114144]
      R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
      R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
      R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
      R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
      R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
      R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-05 1255736]
      R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
      S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-03-05 78976]
      S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-03-05 38528]
      S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
      S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
      S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
      S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]
      S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-26 204288]
      S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-06-15 146592]
      S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-06-15 91296]
      S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
      S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
      S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
      S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
      S2 waudit;waudit;c:\windows\ASMBB\x64\waudit.exe [2012-04-27 1314816]
      S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-05-26 9263104]
      S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-05-26 300544]
      S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-06-15 36000]
      S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-18 115216]
      S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-06-15 259744]
      S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-06-15 109216]
      S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-06-15 29344]
      S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-06-15 166048]
      S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-06-15 59040]
      S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-06-15 283296]
      S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-06-15 289440]
      S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-04-14 31088]
      S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024]
      S3 KHCAP;KHCap Packet Driver (KHCAP);c:\windows\system32\drivers\KHCAP.sys [2012-04-27 39304]
      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096]
      S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
      S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
      S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
      S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
      S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
      S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2011-01-25 18432]
      .
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 19:39]
      .
      2012-10-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1965484930-2953310197-1321165907-1000Core.job
      - c:\users\chagorracho quad\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-07 01:36]
      .
      2012-10-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1965484930-2953310197-1321165907-1000UA.job
      - c:\users\chagorracho quad\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-07 01:36]
      .
      2012-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-30 00:42]
      .
      2012-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-30 00:42]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400]
      "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      uStart Page = hxxp://search.babylon.com/?affID=112234&tt=2912_8&babsrc=HP_ss&mntrId=faa3d3090000000000008a1132e47834
      mStart Page = hxxp://samsung.msn.com
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uInternet Settings,ProxyOverride = *.local
      IE: &Enviar a OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
      IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
      TCP: DhcpNameServer = 192.168.1.254
      Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
      Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
      Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
      FF - ProfilePath - c:\users\chagorracho quad\AppData\Roaming\Mozilla\Firefox\Profiles\zr6uq9lh.default\
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.mx/
      FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112234&tt=2912_8&babsrc=KW_ss&mntrId=faa3d3090000000000008a1132e47834&q=
      FF - user.js: network.http.max-persistent-connections-per-server - 4
      FF - user.js: nglayout.initialpaint.delay - 600
      FF - user.js: content.notify.interval - 600000
      FF - user.js: content.max.tokenizing.time - 1800000
      FF - user.js: content.switch.threshold - 600000
      FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112234&tt=2912_8
      FF - user.js: extensions.BabylonToolbar_i.babExt -
      FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
      FF - user.js: extensions.BabylonToolbar_i.id - faa3d3090000000000008a1132e47834
      FF - user.js: extensions.BabylonToolbar_i.hardId - faa3d3090000000000008a1132e47834
      FF - user.js: extensions.BabylonToolbar_i.instlDay - 15538
      FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
      FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
      FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:24
      FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
      FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
      FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
      FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
      FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
      FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
      .
      - - - - ORPHANS REMOVED - - - -
      .
      BHO-{00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files (x86)\BrowserCompanion\jsloader.dll
      Toolbar-Locked - (no file)
      Wow6432Node-HKCU-Run-folkanjekyrw - c:\users\chagorracho quad\folkanjekyrw.exe
      Wow6432Node-HKLM-Run-<NO NAME> - (no file)
      Wow6432Node-HKLM-Run-Browser companion helper - c:\program files (x86)\BrowserCompanion\BCHelper.exe
      Toolbar-Locked - (no file)
      AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
      @Denied: (A) (Everyone)
      "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
      .
      [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
      @Denied: (A) (Everyone)
      .
      [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
      "Key"="ActionsPane3"
      "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2012-10-01 17:24:53
      ComboFix-quarantined-files.txt 2012-10-01 22:24
      .
      Pre-Run: 128,888,201,216 bytes libres
      Post-Run: 128,650,850,304 bytes libres
      .
      - - End Of File - - CA8F37002A67CABCBCF8FECFED08891C

    4. #4
      Developer Avatar de Dany3j
      Registrado
      mar 2011
      Ubicación
      China
      Mensajes
      6.652

      Re: Virus Folkanjekyrw.exe

      Hola de nuevo

      Realiza lo siguiente :

      • Clic en INICIO > EJECUTAR >
        • Y ahí pones notepad.exe y ACEPTAR
        • Ahora copia y pega el texto del cuadro de mas abajo dentro del Notepad


      Código:
      KillAll::
      ClearJavaCache::
      
      DDS::
      uLocal Page = c:\windows\system32\blank.htm
      uStart Page = hxxp://search.babylon.com/?affID=112234&tt=2912_8&babsrc=HP_ss&mntrId=faa3d3 090000000000008a1132e47834
      mStart Page = hxxp://samsung.msn.com
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uInternet Settings,ProxyOverride = *.local
      IE: &Enviar a OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
      IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
      TCP: DhcpNameServer = 192.168.1.254
      Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - 
      Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - 
      Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - 
      
      Firefox::
      FF - ProfilePath - c:\users\chagorracho quad\AppData\Roaming\Mozilla\Firefox\Profiles\zr6uq9lh.default\
      FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112234&tt=2912_8&babsrc=KW_ss&mntrId=faa3d3 090000000000008a1132e47834&q=
      FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112234&tt=2912_8
      FF - user.js: extensions.BabylonToolbar_i.babExt - 
      FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
      FF - user.js: extensions.BabylonToolbar_i.id - faa3d3090000000000008a1132e47834
      FF - user.js: extensions.BabylonToolbar_i.hardId - faa3d3090000000000008a1132e47834
      FF - user.js: extensions.BabylonToolbar_i.instlDay - 15538
      FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
      FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
      FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:24
      FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
      FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
      FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
      FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
      FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
      FF - user.js: extensions.BabylonToolbar_i.instlRef - sst


      • Guarda este archivo con el nombre CFScript.txt
      • Arrastra y suelta el archivo CFScript.txt dentro del archivo ComboFix.exe como lo muestra el screenshot de abajo.



      • ComboFix comenzará otra vez a ejecutarse. Cuando termine generara un nuevo reporte que tendras que pegar en este mismo tema.




      Después de reiniciar, comprobas en funcionamiento y nos comentás.



      saludos

      Me tope con un gato negro y tuve que desviarme por el camino largo.

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.