Log analysis and evaluation: Windows 7: ad insertions by "saveshare"

19.10.2013, 19:17   #3
cLynE

Windows 7: ad insertions by "saveshare"

That was quick.

1. combofix.txt:

Code:
ComboFix 13-10-19.02 - Flo 19.10.2013  19:49:09.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8183.5466 [GMT 2:00]
ausgeführt von:: d:\users\Flo\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bffppjbfbpljaihjhbiognhpknmcgphd
c:\users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bffppjbfbpljaihjhbiognhpknmcgphd\1.0\background.html
c:\users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bffppjbfbpljaihjhbiognhpknmcgphd\1.0\content.js
c:\users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bffppjbfbpljaihjhbiognhpknmcgphd\1.0\lsdb.js
c:\users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bffppjbfbpljaihjhbiognhpknmcgphd\1.0\manifest.json
c:\users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bffppjbfbpljaihjhbiognhpknmcgphd\1.0\newtab.html
c:\users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bffppjbfbpljaihjhbiognhpknmcgphd\1.0\NTdwfGJRzpv.js
c:\users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bffppjbfbpljaihjhbiognhpknmcgphd\1.0\sqlite.js
c:\users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejipendjplkllknbfmfakmpinnnojgca
c:\users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejipendjplkllknbfmfakmpinnnojgca\1.6\_x29g3Ue.js
c:\users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejipendjplkllknbfmfakmpinnnojgca\1.6\background.html
c:\users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejipendjplkllknbfmfakmpinnnojgca\1.6\content.js
c:\users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejipendjplkllknbfmfakmpinnnojgca\1.6\lsdb.js
c:\users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejipendjplkllknbfmfakmpinnnojgca\1.6\manifest.json
c:\users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejipendjplkllknbfmfakmpinnnojgca\1.6\sqlite.js
c:\users\Flo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bffppjbfbpljaihjhbiognhpknmcgphd_0.localstorage-journal
c:\users\Flo\AppData\Local\Temp\102Bwrd.~lk\8363fspext.dll
c:\users\Flo\AppData\Local\Temp\102Bwrd.~lk\9513fspext.dll
c:\users\Flo\AppData\Local\Temp\jna5310508548014326466.dll
c:\users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\tfq6jm2w.default\extensions\aoi5j0aa@qaqzarur.co.uk
c:\users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\tfq6jm2w.default\extensions\aoi5j0aa@qaqzarur.co.uk\bootstrap.js
c:\users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\tfq6jm2w.default\extensions\aoi5j0aa@qaqzarur.co.uk\chrome.manifest
c:\users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\tfq6jm2w.default\extensions\aoi5j0aa@qaqzarur.co.uk\content\bg.js
c:\users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\tfq6jm2w.default\extensions\aoi5j0aa@qaqzarur.co.uk\install.rdf
c:\windows\ST6UNST.000
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-09-19 bis 2013-10-19  ))))))))))))))))))))))))))))))
.
.
2013-10-19 17:02 . 2013-10-19 17:02	--------	d-----w-	C:\FRST
2013-10-19 16:27 . 2013-10-19 17:53	--------	d-----w-	c:\users\Flo\AppData\Local\Temp
2013-10-19 16:27 . 2013-10-19 16:21	24064	----a-w-	c:\windows\zoek-delete.exe
2013-10-19 13:47 . 2013-10-19 13:47	--------	d-----w-	c:\users\Flo\AppData\Roaming\Malwarebytes
2013-10-19 13:47 . 2013-10-19 13:47	--------	d-----w-	c:\programdata\Malwarebytes
2013-10-19 13:47 . 2013-10-19 13:47	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-19 13:47 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-10-19 13:39 . 2013-10-19 13:39	--------	d-----w-	c:\windows\ERUNT
2013-10-19 13:03 . 2013-10-19 13:03	286720	------w-	c:\windows\Setup1.exe
2013-10-19 13:03 . 2013-10-19 13:03	73216	----a-w-	c:\windows\ST6UNST.EXE
2013-10-19 13:02 . 2013-10-19 13:35	--------	d-----w-	C:\AdwCleaner
2013-10-19 11:47 . 2013-10-19 11:47	110080	----a-r-	c:\users\Flo\AppData\Roaming\Microsoft\Installer\{86CA3695-A412-4BAE-92B6-49A60C2AC663}\IconF7A21AF7.exe
2013-10-19 11:47 . 2013-10-19 11:47	110080	----a-r-	c:\users\Flo\AppData\Roaming\Microsoft\Installer\{86CA3695-A412-4BAE-92B6-49A60C2AC663}\IconD7F16134.exe
2013-10-19 11:47 . 2013-10-19 11:47	110080	----a-r-	c:\users\Flo\AppData\Roaming\Microsoft\Installer\{86CA3695-A412-4BAE-92B6-49A60C2AC663}\Icon1226A4C5.exe
2013-10-19 11:47 . 2013-10-19 11:47	--------	d-----w-	c:\windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-10-19 10:48 . 2013-10-19 10:47	965000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B972BF15-85B3-4146-863C-9B685730C7A9}\gapaengine.dll
2013-10-19 10:47 . 2013-10-14 07:12	10280728	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A20C1636-B468-4956-918B-5503575F7C53}\mpengine.dll
2013-10-17 15:39 . 2013-10-14 07:12	10280728	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-10 22:40 . 2013-09-22 14:16	96768	----a-w-	c:\windows\system32\mshtmled.dll
2013-10-10 22:40 . 2013-09-22 14:15	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-10-10 22:40 . 2013-09-22 10:03	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-10-10 16:15 . 2013-08-01 12:09	983488	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-10-10 16:15 . 2013-07-04 12:50	633856	----a-w-	c:\windows\system32\comctl32.dll
2013-10-10 16:15 . 2013-07-04 11:50	530432	----a-w-	c:\windows\SysWow64\comctl32.dll
2013-10-10 16:09 . 2013-07-20 10:33	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 16:09 . 2013-07-20 10:33	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 16:07 . 2013-08-28 01:12	461312	----a-w-	c:\windows\system32\scavengeui.dll
2013-10-10 15:56 . 2013-08-15 14:50	1769984	----a-w-	c:\windows\SysWow64\ChilkatCert.dll
2013-10-10 15:56 . 2013-08-15 14:49	2403328	----a-w-	c:\windows\SysWow64\ChilkatSocket.dll
2013-10-07 16:42 . 2013-10-07 16:42	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-07 16:42 . 2013-10-07 16:42	--------	d-----w-	c:\program files\iTunes
2013-10-07 16:42 . 2013-10-07 16:42	--------	d-----w-	c:\program files (x86)\iTunes
2013-10-07 16:42 . 2013-10-07 16:42	--------	d-----w-	c:\program files\iPod
2013-10-02 14:42 . 2013-10-02 14:42	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2013-09-29 09:43 . 2013-09-29 09:43	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\CrashDumps
2013-09-23 16:54 . 2013-09-23 16:54	--------	d-----w-	c:\users\Flo\AppData\Roaming\Doublefine
2013-09-22 19:11 . 2013-09-22 19:12	--------	d-----w-	c:\users\Flo\AppData\Roaming\AtomZombieData
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 22:36 . 2013-04-06 22:42	80541720	----a-w-	c:\windows\system32\MRT.exe
2013-10-10 16:11 . 2013-04-06 23:52	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-10 16:11 . 2013-04-06 23:52	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-06 15:45 . 2013-09-06 15:45	965008	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-29 19:33 . 2013-08-29 19:33	35365	----a-w-	c:\windows\SysWow64\uninstHelixYUV.exe
2013-08-29 01:48 . 2013-10-10 16:14	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-08-19 17:14 . 2013-05-29 19:18	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2013-08-19 17:14 . 2013-05-29 19:18	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2013-08-19 17:14 . 2013-05-29 19:18	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2013-08-19 17:14 . 2013-05-29 19:18	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2013-08-06 08:58 . 2013-08-23 13:45	9515512	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1D540D1-1288-450E-BFCD-D8C80F7C80EE}\mpengine.dll
2013-08-05 02:25 . 2013-09-13 16:37	155584	----a-w-	c:\windows\system32\drivers\ataport.sys
2013-08-02 02:14 . 2013-09-13 16:37	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-08-02 02:13 . 2013-09-13 16:37	424448	----a-w-	c:\windows\system32\KernelBase.dll
2013-08-02 02:13 . 2013-09-13 16:37	1161216	----a-w-	c:\windows\system32\kernel32.dll
2013-08-02 02:12 . 2013-09-13 16:37	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-08-02 02:12 . 2013-09-13 16:37	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	6656	----a-w-	c:\windows\system32\apisetschema.dll
2013-08-02 02:12 . 2013-09-13 16:37	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 16:37	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:50 . 2013-09-13 16:37	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2013-08-02 01:48 . 2013-09-13 16:37	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 16:37	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 16:37	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 16:37	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 16:37	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 16:37	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 16:37	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 16:37	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 16:37	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 16:37	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 16:37	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 16:37	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 16:37	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 16:37	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 16:37	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 16:37	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 16:37	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 16:37	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 16:37	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 16:37	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-08-02 01:48 . 2013-09-13 16:37	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 16:37	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 16:37	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 16:37	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 16:37	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:09 . 2013-09-13 16:37	338432	----a-w-	c:\windows\system32\conhost.exe
2013-08-02 00:59 . 2013-09-13 16:37	112640	----a-w-	c:\windows\system32\smss.exe
2013-08-02 00:43 . 2013-09-13 16:37	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-13 16:37	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-13 16:37	6144	---ha-w-	c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-13 16:37	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-26 02:24 . 2013-09-13 16:37	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-07-26 02:24 . 2013-09-13 16:37	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-07-25 09:25 . 2013-08-14 13:51	1888768	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 13:51	1620992	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Flo\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files (x86)\Steam\steam.exe" [2013-10-17 1820072]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-09-15 59720]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Agile1pAgent"="c:\program files (x86)\1Password\Agile1pAgent.exe" [2013-10-09 2244880]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-01 152392]
.
c:\users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Flo\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
PS3 Media Server.lnk - c:\program files (x86)\PS3 Media Server\PMS.exe [2013-4-6 432785]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
amBX Effects.lnk - c:\program files (x86)\amBX\Effects\amBX Event Manager.exe [2013-4-13 47616]
amBX Illuminate.lnk - c:\program files (x86)\amBX\Illuminate\Illuminate.exe [2008-3-6 2559833]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S2 Agile1Password;1Password;c:\program files (x86)\1Password\Agile1pService.exe;c:\program files (x86)\1Password\Agile1pService.exe [x]
S2 amBX Service;amBX Service;c:\program files (x86)\amBX\System\amBX_Service.exe;c:\program files (x86)\amBX\System\amBX_Service.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 Philips HAL Starter;Philips HAL Starter;c:\program files (x86)\amBX\Device Drivers\Philips USB\Philips_HAL_Starter.exe;c:\program files (x86)\amBX\Device Drivers\Philips USB\Philips_HAL_Starter.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 Philips amBX USB HAL;Philips amBX USB HAL;c:\program files (x86)\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe;c:\program files (x86)\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-06 16:11]
.
2013-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2096041217-3314628049-2909095456-1001Core.job
- c:\users\Flo\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-21 19:14]
.
2013-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2096041217-3314628049-2909095456-1001UA.job
- c:\users\Flo\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-21 19:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-09-29 110360]
"amBX Daemon"="c:\program files (x86)\amBX\Control Panel\amBXDaemon.exe" [2011-06-10 233472]
"amBX System Tray Application"="c:\program files\amBX\Gaming FXGen\x64\amBXFxGen.exe" [2011-11-09 143360]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\tfq6jm2w.default\
FF - prefs.js: network.proxy.http - www-proxy.t-online.de
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-09-26 23:01; aoi5j0aa@qaqzarur.co.uk; c:\users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\tfq6jm2w.default\extensions\aoi5j0aa@qaqzarur.co.uk
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-HelixYUVCodecs - c:\windows\system32\uninstHelixYUV.exe
AddRemove-Touchless - c:\program files (x86)\Leap Motion\Touchless For Windows\Uninstall Touchless For Windows.exe
AddRemove-{C1A27135-69EB-8D44-7358-34727DD7B820} - c:\programdata\DoowwnlOadd keepper\cLhK4P4q.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2096041217-3314628049-2909095456-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2096041217-3314628049-2909095456-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version8\tv_w32.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files\amBX\Gaming FXGen\win32\amBXFxGen.exe
c:\users\Flo\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Java\jre7\bin\javaw.exe
c:\program files\Logitech Gaming Software\plugins\LCDAppletsMono-8.12.072\Applets\x86\LCDMedia.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-10-19  19:55:36 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-10-19 17:55
.
Vor Suchlauf: 11 Verzeichnis(se), 116.030.115.840 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 115.501.121.536 Bytes frei
.
- - End Of File - - 45E1604E5DC570C4E737F5D47770F3FE
A36C5E4F47E84449FF07ED3517B43A31
         
2. AdwCleaner.txt:

Code:
# AdwCleaner v3.008 - Bericht erstellt am 19/10/2013 um 19:58:22
# Updated 17/10/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Flo - FLO-PC
# Gestartet von : D:\Users\Flo\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\tfq6jm2w.default\foxydeal.sqlite

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16514


-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\tfq6jm2w.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.yLVB9QE2Y.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createElement(\"script\");scri[...]

*************************

AdwCleaner[R0].txt - [9009 octets] - [19/10/2013 15:29:59]
AdwCleaner[R1].txt - [1022 octets] - [19/10/2013 15:34:03]
AdwCleaner[R2].txt - [1362 octets] - [19/10/2013 19:57:26]
AdwCleaner[S0].txt - [8772 octets] - [19/10/2013 15:31:18]
AdwCleaner[S1].txt - [1084 octets] - [19/10/2013 15:35:53]
AdwCleaner[S2].txt - [1283 octets] - [19/10/2013 19:58:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1343 octets] ##########
         
3. JRT.exe:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:2)
OS: Windows 7 Professional x64
Ran by Flo on 19.10.2013 at 20:05:43,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Flo\AppData\Roaming\mozilla\firefox\profiles\tfq6jm2w.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.10.2013 at 20:06:56,29
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Thanks.