Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Trojaner/Virus sbcvvhost_win86 behindert Zugriff auf Windows in allem Modi

Trojaner/Virus sbcvvhost_win86 behindert Zugriff auf Windows in allem Modi


Log-Analyse und Auswertung: Trojaner/Virus sbcvvhost_win86 behindert Zugriff auf Windows in allem Modi

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 26.12.2011, 01:14   #1
Doppelgrunz
 
Trojaner/Virus sbcvvhost_win86 behindert Zugriff auf Windows in allem Modi - Ausrufezeichen

Trojaner/Virus sbcvvhost_win86 behindert Zugriff auf Windows in allem Modi


Liebes Trojaner-Board,

ich habe, wie mittlerweile einige andere hier im Forum das Problem, dass mein Windows 7 komplett lahmgelegt wird. Da die Symptome ähnlich sind wie die von anderen hier beschriebenen (z.B., grauer Bildschirm nach booten mit der Message "Es besteht noch keine Internetverbindung, bitte warten"; task manager ist nicht aufrufbar, und wenn man den Computer runterfahren will kommt die Nachricht, dass der sbcvvhost_win86 Prozess das herunterfahren verhindert, starten im abgesicherten modus ergibt das gleiche Ergebnis und die registry ist blockiert...), bin ich mir relativ sicher, dass es sich um einen Trojaner handelt. Ich habe alle Einträge dazu hier im Forum gelesen und die log-files Extras.txt und OTL.txt nach einer abenteuerlichen aber erfolgreichen Reise durch die anderen Posts erstellt (Danke an dieser Stelle an die ausfürlichen Erklärungen, die es sogar einem Laien wie mir ermöglichen diese Schritte durchzuführen!!). Diese sind unten angeführt.

Wichtig ist noch zu erwähnen, dass ich mir diesen Trojaner eingefangen habe, als ich auf einer russischen Seite war (keine Ahnung ob das etwas über den Ursprung des Trojaners sagt) und dass mein Freeware Avira diesen Trojaner nicht entdeckt hat, Zonealarm allerdings fragte ob ich den Internetzugang dieses Programmes zulassen will (was ich natürlich verneint habe...danach kam sofort der graue Bildschirm), und dass die Rescue Disk von Kaspersky, die ich gestern zu Weihnachten geschenkt bekommen habe, zwar zwei weitere Trojaner gefunden hat (beide hatten mit Java zu tun), diesen sbcvvhost_win86 allerdings nicht. Wenn ich die Posts hier im Forum richtig deute, ist das sowieso ein sehr neuer Trojaner, auf den Kaspersky eventuell noch nicht reagiert hat (bevor ich den Virenscan über die Rescue Disc gemacht habe hatte ich alle Updates runtergeladen). Also, es scheint ein Problem zu sein dass noch wächst, und nur hier im Forum habe ich Hoffnung gefunden, dass ich meinen Computer noch retten kann und nicht format C: machen muss...

Hier die logfiles. Ich hoffe sehr dass ihr mir helfen könnt!

Danke im vorraus!

Extras.txt:

Code:
ATTFilter
 

OTL Extras logfile created on: 12/26/2011 12:19:05 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 359.27 Gb Free Space | 77.14% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\PPStream\PPStream.exe" = C:\Program Files (x86)\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ -- (PPStream Inc.)
"C:\Program Files (x86)\PPStream\PPSAP.exe" = C:\Program Files (x86)\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷ -- (PPStream Inc)
"C:\Program Files (x86)\PPStream\PPStream.exe" = C:\Program Files (x86)\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ -- (PPStream Inc.)
"C:\Program Files (x86)\PPStream\PPSAP.exe" = C:\Program Files (x86)\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷ -- (PPStream Inc)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\garry_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
< End of report >
OTL.txt

Code:
ATTFilter
OTL logfile created on: 12/26/2011 12:19:05 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 359.27 Gb Free Space | 77.14% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (getPlusHelper) @C:\Program Files (x86) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) Logitech Webcam 200(UVC) -- C:\Windows\System32\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\System32\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (Ntfs) -- C:\Windows\System32\wbem\ntfs.mof ()
DRV:64bit: - (RTL8167) -- C:\Windows\System32\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\system32\DRIVERS\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\System32\drivers\b57nd60a.sys (Broadcom Corporation)
DRV - (Vsdatant) -- C:\Windows\SysWOW64\drivers\vsdatant.sys (Check Point Software Technologies LTD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\garry_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\garry_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\garry_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 E8 9F CC 86 75 CC 01  [binary data]
IE - HKU\garry_ON_C\..\URLSearchHook: {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - Reg Error: Key error. File not found
IE - HKU\garry_ON_C\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - Reg Error: Key error. File not found
IE - HKU\garry_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=386496&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.1
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2011/08/26 18:45:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011/08/21 03:59:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/04 08:09:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/30 15:42:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/04/02 10:57:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010/04/02 10:57:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\garry\AppData\Roaming\Mozilla\Extensions
[2010/04/02 10:57:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\garry\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/12/17 21:46:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\garry\AppData\Roaming\Mozilla\Firefox\Profiles\if8yly7h.default\extensions
[2010/03/20 14:42:16 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\garry\AppData\Roaming\Mozilla\Firefox\Profiles\if8yly7h.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011/12/16 17:51:17 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\garry\AppData\Roaming\Mozilla\Firefox\Profiles\if8yly7h.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011/11/06 08:08:33 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\garry\AppData\Roaming\Mozilla\Firefox\Profiles\if8yly7h.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2010/04/25 07:13:38 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\garry\AppData\Roaming\Mozilla\Firefox\Profiles\if8yly7h.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/11/06 08:07:55 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\garry\AppData\Roaming\Mozilla\Firefox\Profiles\if8yly7h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011/12/17 21:46:25 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\garry\AppData\Roaming\Mozilla\Firefox\Profiles\if8yly7h.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011/03/26 19:43:53 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\garry\AppData\Roaming\Mozilla\Firefox\Profiles\if8yly7h.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011/06/25 12:34:58 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\garry\AppData\Roaming\Mozilla\Firefox\Profiles\if8yly7h.default\extensions\DTToolbar@toolbarnet.com
[2010/03/20 14:38:15 | 000,000,000 | ---D | M] (Prism for Firefox) -- C:\Users\garry\AppData\Roaming\Mozilla\Firefox\Profiles\if8yly7h.default\extensions\refractor@developer.mozilla.org
[2011/07/05 12:05:16 | 000,000,000 | ---D | M] (Nero Toolbar) -- C:\Users\garry\AppData\Roaming\Mozilla\Firefox\Profiles\if8yly7h.default\extensions\toolbar@ask.com
[2010/06/14 17:31:50 | 000,000,943 | ---- | M] () -- C:\Users\garry\AppData\Roaming\Mozilla\Firefox\Profiles\if8yly7h.default\searchplugins\conduit.xml
[2011/11/06 08:07:58 | 000,003,915 | ---- | M] () -- C:\Users\garry\AppData\Roaming\Mozilla\Firefox\Profiles\if8yly7h.default\searchplugins\SweetIM Search.xml
[2011/11/06 08:07:49 | 000,003,915 | ---- | M] () -- C:\Users\garry\AppData\Roaming\Mozilla\Firefox\Profiles\if8yly7h.default\searchplugins\sweetim.xml
[2010/03/21 04:59:22 | 000,001,196 | ---- | M] () -- C:\Users\garry\AppData\Roaming\Mozilla\Firefox\Profiles\if8yly7h.default\searchplugins\winamp-search.xml
[2011/12/04 08:09:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/05 13:31:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/05/14 13:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) -- 
[2011/12/04 08:09:03 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2011/11/06 08:14:31 | 000,000,000 | ---D | M] (FreeRIP Toolbar) -- C:\PROGRAM FILES (X86)\FREERIP TOOLBAR\FF
() (No name found) -- C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/12/04 08:09:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/05 12:19:00 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/10/03 09:20:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/03 09:20:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/03 09:20:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/03 09:20:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/03 09:20:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/03 09:20:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.1\PriceGongIE.dll (PriceGong)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (FreeRIP Toolbar) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Program Files (x86)\FreeRIP Toolbar\IE\4.7\freeripToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (FreeRIP Toolbar) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Program Files (x86)\FreeRIP Toolbar\IE\4.7\freeripToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKU\garry_ON_C\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\garry_ON_C\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3:64bit: - HKU\garry_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\garry_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\garry_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [WBhXTAWuFpmNyON] C:\Users\garry\AppData\Roaming\sbcvvhost_win86.exe (JqItwY)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\garry_ON_C..\Run: [{AC438F5B-8F71-9645-E9E6-312C38A5E9A0}]  File not found
O4 - HKU\garry_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\garry_ON_C..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSAP.exe (PPStream Inc)
O4 - HKU\garry_ON_C..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\garry_ON_C..\Run: [WBhXTAWuFpmNyON] C:\Users\garry\AppData\Roaming\sbcvvhost_win86.exe (JqItwY)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - Startup: C:\Users\garry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\garry_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\garry_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\garry_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8:64bit: - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (C:\Users\garry\AppData\Roaming\sbcvvhost_win86.exe) - C:\Users\garry\AppData\Roaming\sbcvvhost_win86.exe (JqItwY)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\garry_ON_C Winlogon: Shell - (C:\Users\garry\AppData\Roaming\sbcvvhost_win86.exe) - C:\Users\garry\AppData\Roaming\sbcvvhost_win86.exe (JqItwY)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{7242f609-0e0f-11e0-8158-001966d640e5}\Shell - "" = AutoRun
O33 - MountPoints2\{7242f609-0e0f-11e0-8158-001966d640e5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{975257b6-4a65-11df-b326-001966d640e5}\Shell - "" = AutoRun
O33 - MountPoints2\{975257b6-4a65-11df-b326-001966d640e5}\Shell\AutoRun\command - "" = E:\TmUnitedForever_Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/12/25 11:12:00 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2011/12/25 00:56:01 | 000,095,744 | ---- | C] (Kassl GmbH) -- C:\Users\garry\AppData\Roaming\dwlGina3.dll
[2011/12/25 00:53:27 | 000,344,064 | ---- | C] (JqItwY) -- C:\Users\garry\AppData\Roaming\sbcvvhost_win86.exe
[2011/12/25 00:33:32 | 000,000,000 | ---D | C] -- C:\Users\garry\AppData\Roaming\Coew
[2011/12/25 00:33:32 | 000,000,000 | ---D | C] -- C:\Users\garry\AppData\Roaming\Cayvr
[2011/12/18 14:36:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/12/16 16:38:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/16 16:38:27 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/12/16 16:38:27 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/12/16 16:38:27 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/16 16:38:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/16 16:38:26 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/16 16:38:26 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/16 16:38:26 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2011/12/16 16:38:26 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/16 16:37:51 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/16 16:37:51 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/12/25 16:40:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/25 15:21:48 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/25 15:21:48 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/25 15:18:48 | 000,658,988 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/12/25 15:18:48 | 000,620,174 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/25 15:18:48 | 000,132,558 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/12/25 15:18:48 | 000,108,356 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/25 15:14:22 | 2566,365,184 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/25 00:56:01 | 000,095,744 | ---- | M] (Kassl GmbH) -- C:\Users\garry\AppData\Roaming\dwlGina3.dll
[2011/12/25 00:53:26 | 000,344,064 | ---- | M] (JqItwY) -- C:\Users\garry\AppData\Roaming\sbcvvhost_win86.exe
[2011/12/18 14:38:07 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/16 21:19:39 | 000,388,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/04 08:14:53 | 000,002,056 | ---- | M] () -- C:\Users\garry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/11/06 08:15:03 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011/11/03 20:44:17 | 000,000,086 | ---- | C] () -- C:\Users\garry\AppData\default.pls
[2011/06/24 10:17:55 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2011/02/20 09:38:17 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/02/20 09:38:17 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/02/20 09:38:17 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/02/20 07:56:20 | 000,027,266 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/02/13 14:33:57 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011/02/13 14:33:57 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2010/11/09 20:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/11/09 20:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/11/09 20:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/04/02 10:46:26 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/20 14:02:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/07/23 02:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007/07/23 02:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007/07/23 02:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007/07/23 02:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007/07/23 02:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007/07/23 02:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007/07/23 02:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007/07/23 02:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007/07/23 02:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007/04/27 03:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
 
========== LOP Check ==========
 
[2011/12/25 00:47:48 | 000,000,000 | ---D | M] -- C:\Users\garry\AppData\Roaming\Cayvr
[2010/03/20 12:11:55 | 000,000,000 | ---D | M] -- C:\Users\garry\AppData\Roaming\CheckPoint
[2010/05/23 06:05:28 | 000,000,000 | ---D | M] -- C:\Users\garry\AppData\Roaming\ChessBase
[2011/12/25 14:42:20 | 000,000,000 | ---D | M] -- C:\Users\garry\AppData\Roaming\Coew
[2010/04/17 16:04:43 | 000,000,000 | ---D | M] -- C:\Users\garry\AppData\Roaming\DAEMON Tools Lite
[2011/02/14 02:17:23 | 000,000,000 | ---D | M] -- C:\Users\garry\AppData\Roaming\FinalMediaPlayer
[2010/12/22 17:49:00 | 000,000,000 | ---D | M] -- C:\Users\garry\AppData\Roaming\Free Mp3 Wma Ogg Converter
[2011/04/25 15:09:22 | 000,000,000 | ---D | M] -- C:\Users\garry\AppData\Roaming\MAGIX
[2011/03/27 15:05:00 | 000,000,000 | ---D | M] -- C:\Users\garry\AppData\Roaming\NCH Swift Sound
[2011/12/24 21:52:33 | 000,000,000 | ---D | M] -- C:\Users\garry\AppData\Roaming\ppstream
[2011/07/25 11:12:19 | 000,000,000 | ---D | M] -- C:\Users\garry\AppData\Roaming\ReactGames
[2010/04/02 10:57:37 | 000,000,000 | ---D | M] -- C:\Users\garry\AppData\Roaming\Thunderbird
[2010/03/20 07:14:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/04/18 12:03:22 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2010/03/20 12:10:50 | 000,000,000 | ---D | M] -- C:\ProgramData\CheckPoint
[2010/03/20 16:10:08 | 000,000,000 | ---D | M] -- C:\ProgramData\ChessBase
[2010/04/17 16:04:50 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/03/20 07:14:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/03/20 07:14:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/11/06 08:14:42 | 000,000,000 | ---D | M] -- C:\ProgramData\FreeRIP
[2011/04/25 15:09:22 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2010/05/16 05:24:50 | 000,000,000 | ---D | M] -- C:\ProgramData\NCH Swift Sound
[2011/02/13 15:26:19 | 000,000,000 | ---D | M] -- C:\ProgramData\SafeNet Sentinel
[2011/02/13 14:35:06 | 000,000,000 | ---D | M] -- C:\ProgramData\SPSS
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/03/20 07:14:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/05/08 16:48:26 | 000,000,000 | ---D | M] -- C:\ProgramData\TrackMania
[2010/03/20 07:14:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/03/27 04:22:23 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2010/04/25 07:15:45 | 000,000,000 | ---D | M](C:\Users\Public\Desktop\Adobe 9 Reader ????) -- C:\Users\Public\Desktop\Adobe 9 Reader 安裝程式
[2010/04/25 07:15:45 | 000,000,000 | ---D | C](C:\Users\Public\Desktop\Adobe 9 Reader ????) -- C:\Users\Public\Desktop\Adobe 9 Reader 安裝程式
< End of report >

 

Themen zu Trojaner/Virus sbcvvhost_win86 behindert Zugriff auf Windows in allem Modi
0x00000001, avira, bho, bildschirm, bitte warten, booten, c:\windows\system32\rundll32.exe, checkpoint, computer, desktop, disabletaskmgr, error, firefox, flash player, grauer bildschirm, home, install.exe, kaspersky, langs, mozilla thunderbird, mp3, object, ogg, problem, prozess, realtek, registery, registry, reparatur, rojaner gefunden, scan, sched.exe, security, security scan, software, starten, trojaner, trojaner eingefangen, trojaner gefunden, trojaner-board, trojaner/virus, updates, version=1.0, webcheck, win 7, windows, wma


« Windows blockiert aus SIcherheitsgründen | 50€ Virus - am verzweifeln... »


Ähnliche Themen: Trojaner/Virus sbcvvhost_win86 behindert Zugriff auf Windows in allem Modi


  1. Trojaner behindert das arbeiten mit den pc
    Plagegeister aller Art und deren Bekämpfung - 12.09.2015 (29)
  2. BKA/AKM Virus, WinXP Laptop lässt sich weder im normalen noch in einem der abgesicherten Modi starten
    Log-Analyse und Auswertung - 08.01.2015 (7)
  3. Virus (vermutlich am Router) welcher Google-Bilder Suche behindert.
    Plagegeister aller Art und deren Bekämpfung - 29.08.2014 (4)
  4. GUV Trojaner/Windows764bit/abges. modi FAIL
    Plagegeister aller Art und deren Bekämpfung - 07.07.2013 (4)
  5. GVU Trojaner, auch im abgespeicherten Modi
    Plagegeister aller Art und deren Bekämpfung - 02.01.2013 (3)
  6. Windows Update Trojaner startet nicht in keinem Abgesicherten Modi. Bitte um Hilfe!
    Mülltonne - 14.06.2012 (1)
  7. Virus sbcvvhost_win86 Änderung Regedit durch Fix
    Plagegeister aller Art und deren Bekämpfung - 04.01.2012 (21)
  8. Infektion mit sbcvvhost_win86 auf Windows 7
    Plagegeister aller Art und deren Bekämpfung - 02.01.2012 (10)
  9. Trojaner Sbcvvhost_win86 hindert Windows zu starten
    Log-Analyse und Auswertung - 31.12.2011 (22)
  10. sbcvvhost_win86 blockiert windows vista
    Log-Analyse und Auswertung - 29.12.2011 (3)
  11. Virus sbcvvhost_win86
    Plagegeister aller Art und deren Bekämpfung - 27.12.2011 (3)
  12. Trojaner sbcvvhost_win86 blockiert Windows System
    Plagegeister aller Art und deren Bekämpfung - 23.12.2011 (7)
  13. Windows 7 (32 Bit) bleibt ständig hängen, vor allem bei Nutzung von Firefox
    Log-Analyse und Auswertung - 25.06.2011 (9)
  14. Virus/Trojaner oder von allem etwas?
    Log-Analyse und Auswertung - 10.08.2009 (82)
  15. Virus (?) verlangsamt Laptop und behindert Google
    Plagegeister aller Art und deren Bekämpfung - 15.07.2008 (1)
  16. Virus behindert Tastatur und System
    Plagegeister aller Art und deren Bekämpfung - 28.12.2007 (6)
  17. Trojaner - vor allem TR/Vundo.Gen
    Log-Analyse und Auswertung - 09.11.2007 (5)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojaner/Virus sbcvvhost_win86 behindert Zugriff auf Windows in allem Modi - Liebes Trojaner-Board, ich habe, wie mittlerweile einige andere hier im Forum das Problem, dass mein Windows 7 komplett lahmgelegt wird. Da die Symptome ähnlich sind wie die von anderen hier - Trojaner/Virus sbcvvhost_win86 behindert Zugriff auf Windows in allem Modi...
Archiv
Du betrachtest: Trojaner/Virus sbcvvhost_win86 behindert Zugriff auf Windows in allem Modi auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131