getwindowinfo Virus

Zyfleia · 03.09.2013, 18:05

Fixlog:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2013 01
Ran by Joakim at 2013-09-03 11:44:38 Run:1
Running from C:\Users\Joakim\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Heligua] - C:\Users\Joakim\AppData\Roaming\Edym\exuwm.exe [x]
C:\Users\Joakim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
C:\Users\Joakim\AppData\Roaming\Windows Net Data
BHO-x32: HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - C:\Users\Joakim\AppData\Roaming\HomeTab\HomeTab.dll No File
Toolbar: HKLM-x32 - HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - C:\Users\Joakim\AppData\Roaming\HomeTab\HomeTab.dll No File
CHR HKLM-x32\...\Chrome\Extension: [fgibjgmnimooanbagcfpnkmngejcojaf] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx
2013-08-08 22:46 - 2013-08-08 22:46 - 00000000 ____D C:\SoftwareUpdater
2013-08-08 22:39 - 2013-08-08 22:39 - 00000209 _____ C:\Users\Joakim\Desktop\Amazon.url
Task: {C2E149C6-F680-4D6B-8E47-68F6D7481044} - System32\Tasks\DealPlyUpdate => C:\Program Files (x86)\DealPly\DealPlyUpdate.exe No File
Task: {FFB88F7E-FA8F-42EF-BD62-0160E4FD3106} - System32\Tasks\Browser Updater\Browser Updater => C:\Program Files (x86)\HomeTab\TBUpdater.dll No File
Task: {AC632629-DD72-47DF-B94B-D9EF97921BF2} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\HomeTab\ProtectedSearch.exe No File
CMD: dir /a/b "C:\Users\Joakim\AppData\Roaming"
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Heligua => Value deleted successfully.
C:\Users\Joakim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk => Moved successfully.

"C:\Users\Joakim\AppData\Roaming\Windows Net Data" directory move:

C:\Users\Joakim\AppData\Roaming\Windows Net Data\id.dat => Moved successfully.
C:\Users\Joakim\AppData\Roaming\Windows Net Data\net.exe => Moved successfully.
C:\Users\Joakim\AppData\Roaming\Windows Net Data\uninstaller.exe => Moved successfully.
Could not move "C:\Users\Joakim\AppData\Roaming\Windows Net Data" directory. => Scheduled to move on reboot.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba696155-d96e-4281-b467-0367a0456474} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{ba696155-d96e-4281-b467-0367a0456474} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ba696155-d96e-4281-b467-0367a0456474} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{ba696155-d96e-4281-b467-0367a0456474} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fgibjgmnimooanbagcfpnkmngejcojaf => Key deleted successfully.
"C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx" => File/Directory not found.
C:\SoftwareUpdater => Moved successfully.
C:\Users\Joakim\Desktop\Amazon.url => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2E149C6-F680-4D6B-8E47-68F6D7481044} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2E149C6-F680-4D6B-8E47-68F6D7481044} => Key deleted successfully.
C:\Windows\System32\Tasks\DealPlyUpdate => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FFB88F7E-FA8F-42EF-BD62-0160E4FD3106} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFB88F7E-FA8F-42EF-BD62-0160E4FD3106} => Key deleted successfully.
C:\Windows\System32\Tasks\Browser Updater\Browser Updater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater\Browser Updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AC632629-DD72-47DF-B94B-D9EF97921BF2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC632629-DD72-47DF-B94B-D9EF97921BF2} => Key deleted successfully.
C:\Windows\System32\Tasks\ProtectedSearch\Protected Search => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtectedSearch\Protected Search => Key deleted successfully.

=========  dir /a/b "C:\Users\Joakim\AppData\Roaming" =========

Adobe
Apple Computer
ArcSoft
Asus WebStorage
Atari
Avira
Canon
ComBib
Dropbox
Edym
FLEXnet
Fotobuchexpress24
Google
ICQ
Identities
Iluwo
LolClient
LolClient2
Macromedia
Malwarebytes
Media Center Programs
Microsoft
Mozilla
MyPhoneExplorer
Nuance
OpenOffice.org
Opera
Origin
runic games
Ryed
Samsung
SecuROM
Skype
SoftGrid Client
Spotify
TP
TS3Client
vlc
WinBMA
Windows Net Data
WinRAR
Zeon

========= End of CMD: =========


=========== Result of Scheduled Files to move ===========

C:\Users\Joakim\AppData\Roaming\Windows Net Data => Moved successfully.

==== End of Fixlog ====

Eset:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=cc1de9dddea8a940accf365ab745f7bc
# engine=14992
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-03 01:19:33
# local_time=2013-09-03 03:19:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 21068 148885678 13830 0
# compatibility_mode=5893 16776574 100 94 2219527 129844223 0 0
# scanned=328956
# found=0
# cleaned=0
# scan_time=12140
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=cc1de9dddea8a940accf365ab745f7bc
# engine=14998
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-03 04:22:31
# local_time=2013-09-03 06:22:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 10442 148896656 3208 0
# compatibility_mode=5893 16776574 100 94 2230505 129855201 0 0
# scanned=169470
# found=0
# cleaned=0
# scan_time=4353

Das Problem scheint behoben zu sein!
Vielen, vielen Dank

getwindowinfo Virus

Plagegeister aller Art und deren Bekämpfung: getwindowinfo Virus

getwindowinfo Virus

Ähnliche Themen: getwindowinfo Virus