
Log analysis and evaluation: sbcvvhost_win86... again! Or still?


 
29.12.2011, 12:35   #1
David1234
 
sbcvvhost_win86... again! Or still?



Hello,
I had the same problem yesterday, and in the end everything worked again.
Today I surfed the Internet for about 5 minutes. Then my firewall (ZoneAlarm) told me that some program I don't know wanted to access the Internet. I denied that.
Then, barely 1 second later:
White screen, "No connection to the Internet established. Please wait"
On shutdown, "sbcvvhost_win86" prevents the shutdown (like yesterday).
Safe mode doesn't work either.
I then started OTLPE from CD and had it create the log files. Apart from the fact that this time no Extras.txt was created either.

Here is the OTL log

Code:
OTL logfile created on: 12/29/2011 12:27:44 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Professional  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 78.03 Gb Total Space | 41.24 Gb Free Space | 52.85% Space Free | Partition Type: NTFS
Drive E: | 219.96 Gb Total Space | 178.43 Gb Free Space | 81.12% Space Free | Partition Type: NTFS
Drive F: | 1.91 Gb Total Space | 0.99 Gb Free Space | 51.86% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/08/17 06:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) [Auto] -- D:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/07/17 05:09:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/14 11:47:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/29 04:41:26 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- D:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/06/28 06:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- D:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/07/30 02:25:02 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto] -- D:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV - [2009/07/30 02:12:44 | 000,348,160 | ---- | M] (Red Bend Ltd.) [Auto] -- D:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/04 12:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/01/26 09:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/10/11 02:45:56 | 000,051,712 | ---- | M] (ArcSoft) [Auto] -- D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/06/15 06:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto] -- D:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (catchme)
DRV - [2011/07/18 02:28:27 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System] -- D:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/07/17 05:09:05 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/17 05:09:05 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/05/15 09:30:50 | 000,461,400 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- D:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010/01/19 23:14:42 | 000,023,136 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009/07/30 02:06:10 | 000,056,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\bpenum.sys -- (bpenum) Intel(R)
DRV - [2009/07/21 14:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand] -- D:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/25 15:12:18 | 001,168,880 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009/06/14 21:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/05/11 03:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/08/06 05:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/03/14 08:23:12 | 000,169,008 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/02/20 13:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System] -- D:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2005/02/23 08:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Eichenberg_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Eichenberg_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Eichenberg_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA BF 3B 1C 3D 62 CB 01  [binary data]
IE - HKU\Eichenberg_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.6
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.6
FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.7.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Windows\System32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.97: D:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: D:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/19 06:24:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/19 06:24:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/19 06:24:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010/10/02 10:17:49 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Eichenberg\AppData\Roaming\Mozilla\Extensions
[2010/10/02 10:17:49 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Eichenberg\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/12/29 03:08:53 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Eichenberg\AppData\Roaming\Mozilla\Firefox\Profiles\u2is866s.default\extensions
[2010/10/03 07:52:17 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- D:\Users\Eichenberg\AppData\Roaming\Mozilla\Firefox\Profiles\u2is866s.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/12/25 13:13:40 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- D:\Users\Eichenberg\AppData\Roaming\Mozilla\Firefox\Profiles\u2is866s.default\extensions\toolbar@web.de
[2010/08/27 16:04:54 | 000,000,943 | ---- | M] () -- D:\Users\Eichenberg\AppData\Roaming\Mozilla\Firefox\Profiles\u2is866s.default\searchplugins\conduit.xml
[2011/09/17 05:14:38 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2010/10/02 10:11:34 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/09/17 05:14:37 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- D:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011/09/17 05:14:38 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- D:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2010/07/16 22:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/09/14 16:32:39 | 000,001,392 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/09/14 16:32:39 | 000,002,344 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/09/14 16:32:39 | 000,006,805 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/09/14 16:32:39 | 000,001,178 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/09/14 16:32:39 | 000,001,105 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKU\Eichenberg_ON_D\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Energy Management] D:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] D:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] D:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWirelessWiMAX] D:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4 - HKLM..\Run: [SearchSettings] D:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [WBhXTAWuFpmNyON] D:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe (sYhiglWP)
O4 - HKLM..\Run: [ZoneAlarm Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\Eichenberg_ON_D..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Eichenberg_ON_D..\Run: [SmartAudio] D:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKU\Eichenberg_ON_D..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\Eichenberg_ON_D..\Run: [WBhXTAWuFpmNyON] D:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe (sYhiglWP)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Eichenberg_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Eichenberg_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Eichenberg_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Eichenberg_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 1
O7 - HKU\Eichenberg_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (C:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe) - D:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe (sYhiglWP)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Eichenberg_ON_D Winlogon: Shell - (C:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe) - D:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe (sYhiglWP)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/12/29 04:09:42 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/12/29 04:09:38 | 000,000,000 | ---D | C] -- D:\ProgramData\Spybot - Search & Destroy
[2011/12/29 04:09:38 | 000,000,000 | ---D | C] -- D:\Program Files\Spybot - Search & Destroy
[2011/12/29 03:59:56 | 000,000,000 | --SD | C] -- D:\ComboFix
[2011/12/29 03:53:40 | 000,095,744 | ---- | C] (Kassl GmbH) -- D:\Users\Eichenberg\AppData\Roaming\dwlGina3.dll
[2011/12/29 03:41:08 | 000,000,000 | ---D | C] -- D:\Users\Eichenberg\AppData\Roaming\OCS
[2011/12/29 03:10:39 | 000,381,100 | ---- | C] (sYhiglWP) -- D:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe
[2011/12/28 19:23:52 | 002,237,440 | R--- | C] (OldTimer Tools) -- D:\OTLPE.exe
[2011/12/28 19:23:51 | 000,000,000 | ---D | C] -- D:\_OTL
[2011/12/28 15:24:47 | 000,000,000 | -HSD | C] -- D:\$RECYCLE.BIN
[2011/12/28 15:24:44 | 000,000,000 | ---D | C] -- D:\Users\Eichenberg\AppData\Local\temp
[2011/12/28 15:17:02 | 000,518,144 | ---- | C] (SteelWerX) -- D:\Windows\SWREG.exe
[2011/12/28 15:17:02 | 000,406,528 | ---- | C] (SteelWerX) -- D:\Windows\SWSC.exe
[2011/12/28 15:17:02 | 000,060,416 | ---- | C] (NirSoft) -- D:\Windows\NIRCMD.exe
[2011/12/28 15:16:57 | 000,000,000 | ---D | C] -- D:\Windows\ERDNT
[2011/12/28 15:16:47 | 000,000,000 | ---D | C] -- D:\Qoobox
[2011/12/24 08:45:34 | 000,272,896 | ---- | C] (Progressive Networks) -- D:\Windows\System32\pncrt.dll
[2011/12/24 08:44:58 | 000,000,000 | ---D | C] -- D:\Users\Eichenberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2011/12/24 08:44:39 | 000,000,000 | ---D | C] -- D:\Program Files\FreeTime
[2011/12/16 12:24:11 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Müller Foto
[2011/12/16 12:12:24 | 000,000,000 | ---D | C] -- D:\Program Files\Mueller Foto
[2010/08/25 12:59:08 | 000,004,096 | ---- | C] ( ) -- D:\Windows\System32\IGFXDEVLib.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/12/29 05:26:55 | 000,067,584 | ---- | M] () -- D:\Windows\bootstat.dat
[2011/12/29 05:25:16 | 2384,932,864 | -HS- | M] () -- D:\hiberfil.sys
[2011/12/29 04:10:09 | 000,653,928 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2011/12/29 04:10:09 | 000,615,810 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2011/12/29 04:10:09 | 000,129,800 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2011/12/29 04:10:09 | 000,106,190 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2011/12/29 04:09:43 | 000,001,240 | ---- | M] () -- D:\Users\Eichenberg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/29 04:09:43 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/12/29 03:53:40 | 000,095,744 | ---- | M] (Kassl GmbH) -- D:\Users\Eichenberg\AppData\Roaming\dwlGina3.dll
[2011/12/29 03:10:38 | 000,381,100 | ---- | M] (sYhiglWP) -- D:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe
[2011/12/29 03:06:19 | 000,014,928 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 03:06:19 | 000,014,928 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/17 03:38:01 | 000,455,784 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2011/12/16 12:24:11 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Müller Foto
 
========== Files Created - No Company Name ==========
 
[2011/12/29 04:09:43 | 000,001,240 | ---- | C] () -- D:\Users\Eichenberg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/28 15:17:02 | 000,256,000 | ---- | C] () -- D:\Windows\PEV.exe
[2011/12/28 15:17:02 | 000,208,896 | ---- | C] () -- D:\Windows\MBR.exe
[2011/12/28 15:17:02 | 000,098,816 | ---- | C] () -- D:\Windows\sed.exe
[2011/12/28 15:17:02 | 000,080,412 | ---- | C] () -- D:\Windows\grep.exe
[2011/12/28 15:17:02 | 000,068,096 | ---- | C] () -- D:\Windows\zip.exe
[2011/03/19 04:47:37 | 000,111,932 | ---- | C] () -- D:\Windows\System32\EPPICPrinterDB.dat
[2011/03/19 04:47:37 | 000,031,053 | ---- | C] () -- D:\Windows\System32\EPPICPattern131.dat
[2011/03/19 04:47:37 | 000,027,417 | ---- | C] () -- D:\Windows\System32\EPPICPattern121.dat
[2011/03/19 04:47:37 | 000,026,154 | ---- | C] () -- D:\Windows\System32\EPPICPattern1.dat
[2011/03/19 04:47:37 | 000,024,903 | ---- | C] () -- D:\Windows\System32\EPPICPattern3.dat
[2011/03/19 04:47:37 | 000,021,390 | ---- | C] () -- D:\Windows\System32\EPPICPattern5.dat
[2011/03/19 04:47:37 | 000,020,148 | ---- | C] () -- D:\Windows\System32\EPPICPattern2.dat
[2011/03/19 04:47:37 | 000,011,811 | ---- | C] () -- D:\Windows\System32\EPPICPattern4.dat
[2011/03/19 04:47:37 | 000,004,943 | ---- | C] () -- D:\Windows\System32\EPPICPattern6.dat
[2011/03/19 04:47:37 | 000,001,146 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_DU.dat
[2011/03/19 04:47:37 | 000,001,139 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_PT.dat
[2011/03/19 04:47:37 | 000,001,139 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_BP.dat
[2011/03/19 04:47:37 | 000,001,136 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_ES.dat
[2011/03/19 04:47:37 | 000,001,129 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_FR.dat
[2011/03/19 04:47:37 | 000,001,129 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_CF.dat
[2011/03/19 04:47:37 | 000,001,120 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_IT.dat
[2011/03/19 04:47:37 | 000,001,107 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_GE.dat
[2011/03/19 04:47:37 | 000,001,104 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_EN.dat
[2011/03/19 04:47:37 | 000,000,097 | ---- | C] () -- D:\Windows\System32\PICSDK.ini
[2011/01/23 04:40:59 | 000,000,034 | ---- | C] () -- D:\Users\Eichenberg\AppData\Roaming\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2011/01/23 04:40:56 | 000,000,033 | ---- | C] () -- D:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/10/09 10:17:32 | 000,000,425 | ---- | C] () -- D:\Windows\BRWMARK.INI
[2010/10/09 10:17:32 | 000,000,027 | ---- | C] () -- D:\Windows\BRPP2KA.INI
[2010/10/09 10:14:21 | 000,000,050 | ---- | C] () -- D:\Windows\System32\bridf08b.dat
[2010/10/03 07:59:21 | 000,116,224 | ---- | C] () -- D:\Windows\System32\pdfcmnnt.dll
[2010/10/02 10:31:08 | 000,044,544 | ---- | C] () -- D:\Windows\System32\GIF89.DLL
[2010/10/02 10:31:06 | 000,484,352 | ---- | C] () -- D:\Windows\System32\lame_enc.dll
[2010/10/02 07:52:20 | 000,140,288 | ---- | C] () -- D:\Windows\System32\igfxtvcx.dll
[2010/10/02 07:42:46 | 000,015,190 | ---- | C] () -- D:\Windows\M3000Twn.ini
[2010/10/02 07:26:36 | 000,134,592 | ---- | C] () -- D:\Windows\System32\igfcg500.bin
[2010/07/28 14:01:14 | 000,439,308 | ---- | C] () -- D:\Windows\System32\igcompkrng500.bin
[2010/07/28 14:01:12 | 000,092,356 | ---- | C] () -- D:\Windows\System32\igfcg500m.bin
[2010/07/28 14:01:10 | 000,982,240 | ---- | C] () -- D:\Windows\System32\igkrng500.bin
[2010/07/28 13:18:42 | 000,000,151 | ---- | C] () -- D:\Windows\System32\GfxUI.exe.config
[2010/07/28 13:14:38 | 000,208,896 | ---- | C] () -- D:\Windows\System32\iglhsip32.dll
[2010/07/28 13:14:38 | 000,143,360 | ---- | C] () -- D:\Windows\System32\iglhcp32.dll
[2009/08/27 14:04:44 | 000,557,003 | ---- | C] () -- D:\Windows\System32\libmplayer.dll
[2009/08/27 14:04:32 | 000,811,835 | ---- | C] () -- D:\Windows\System32\ff_x264.dll
[2009/08/27 14:03:52 | 004,456,201 | ---- | C] () -- D:\Windows\System32\libavcodec.dll
[2009/08/25 13:07:36 | 000,328,334 | ---- | C] () -- D:\Windows\System32\ff_kernelDeint.dll
[2009/08/25 12:38:04 | 000,425,040 | ---- | C] () -- D:\Windows\System32\TomsMoComp_ff.dll
[2009/08/25 11:56:56 | 000,829,781 | ---- | C] () -- D:\Windows\System32\xvidcore.dll
[2009/08/25 11:37:02 | 000,146,098 | ---- | C] () -- D:\Windows\System32\libmpeg2_ff.dll
[2009/08/11 15:21:26 | 000,087,552 | ---- | C] () -- D:\Windows\System32\ac3config.exe
[2009/07/30 02:17:12 | 000,002,048 | ---- | C] () -- D:\Windows\System32\EventLogMessages.dll
[2009/07/14 03:47:43 | 000,653,928 | ---- | C] () -- D:\Windows\System32\perfh007.dat
[2009/07/14 03:47:43 | 000,295,922 | ---- | C] () -- D:\Windows\System32\perfi007.dat
[2009/07/14 03:47:43 | 000,129,800 | ---- | C] () -- D:\Windows\System32\perfc007.dat
[2009/07/14 03:47:43 | 000,038,104 | ---- | C] () -- D:\Windows\System32\perfd007.dat
[2009/07/13 23:57:37 | 000,067,584 | ---- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,455,784 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,615,810 | ---- | C] () -- D:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,190 | ---- | C] () -- D:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat
[2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe
[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- D:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat
[2009/06/02 12:15:44 | 000,113,152 | ---- | C] () -- D:\Windows\System32\ff_unrar.dll
[2009/06/02 12:15:18 | 000,146,944 | ---- | C] () -- D:\Windows\System32\ff_tremor.dll
[2009/06/02 12:15:04 | 000,183,296 | ---- | C] () -- D:\Windows\System32\ff_samplerate.dll
[2009/06/02 12:14:56 | 000,178,688 | ---- | C] () -- D:\Windows\System32\ff_libmad.dll
[2009/06/02 12:14:30 | 000,486,400 | ---- | C] () -- D:\Windows\System32\ff_libfaad2.dll
[2009/06/02 12:13:58 | 000,257,024 | ---- | C] () -- D:\Windows\System32\ff_libdts.dll
[2009/06/02 12:13:50 | 000,142,848 | ---- | C] () -- D:\Windows\System32\ff_liba52.dll
[2009/06/02 12:11:26 | 000,098,304 | ---- | C] () -- D:\Windows\System32\ff_wmv9.dll
[2009/06/02 12:11:16 | 000,085,504 | ---- | C] () -- D:\Windows\System32\ff_vfw.dll
[2009/05/20 06:04:42 | 000,045,568 | ---- | C] () -- D:\Windows\System32\spdifer_config.exe
[2009/01/10 17:17:32 | 000,163,840 | ---- | C] () -- D:\Windows\System32\ts.dll
[2009/01/10 17:16:56 | 000,148,480 | ---- | C] () -- D:\Windows\System32\mkx.dll
[2009/01/10 17:16:50 | 000,108,032 | ---- | C] () -- D:\Windows\System32\avi.dll
[2009/01/10 17:16:14 | 000,141,312 | ---- | C] () -- D:\Windows\System32\mp4.dll
[2009/01/10 17:16:04 | 000,335,872 | ---- | C] () -- D:\Windows\System32\gdsmux.exe
[2009/01/10 17:15:54 | 000,120,832 | ---- | C] () -- D:\Windows\System32\ogm.dll
[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- D:\Windows\System32\mmfinfo.dll
[2009/01/10 17:15:36 | 000,103,424 | ---- | C] () -- D:\Windows\System32\dsmux.exe
[2009/01/10 17:15:32 | 000,102,400 | ---- | C] () -- D:\Windows\System32\avss.dll
[2009/01/10 17:15:28 | 000,246,784 | ---- | C] () -- D:\Windows\System32\dxr.dll
[2009/01/10 17:15:12 | 000,097,280 | ---- | C] () -- D:\Windows\System32\avs.dll
[2009/01/10 17:15:06 | 000,135,168 | ---- | C] () -- D:\Windows\System32\mkv2vfr.exe
[2009/01/10 17:14:08 | 000,079,360 | ---- | C] () -- D:\Windows\System32\mkzlib.dll
[2009/01/10 17:14:06 | 000,023,552 | ---- | C] () -- D:\Windows\System32\mkunicode.dll
[2008/12/03 17:11:50 | 000,180,224 | ---- | C] () -- D:\Windows\System32\xvidvfw.dll
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- D:\Windows\System32\qt-dx331.dll
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- D:\Windows\System32\Registration.ini
[2003/05/09 17:36:30 | 000,151,744 | ---- | C] () -- D:\Windows\System32\ir32.dll
 
========== LOP Check ==========
 
[2010/10/02 07:17:03 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2010/10/02 09:57:01 | 000,000,000 | ---D | M] -- D:\ProgramData\CheckPoint
[2011/07/18 02:27:55 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2010/10/02 07:17:03 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2010/10/02 07:17:03 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2011/01/23 04:41:06 | 000,000,000 | ---D | M] -- D:\ProgramData\FreeRIP
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2010/10/02 07:17:03 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2010/10/02 07:45:10 | 000,000,000 | ---D | M] -- D:\ProgramData\Temp
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2011/12/21 10:55:38 | 000,000,000 | ---D | M] -- D:\ProgramData\tmp
[2010/10/02 07:17:03 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2011/07/18 02:02:46 | 000,032,630 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
Here is the link to the Combofix log that I posted yesterday. After that it worked again.

http://www.trojaner-board.de/107074-...en-laptop.html


Help!

Regards
David

 
