Log analysis and evaluation: explorer.exe crashes/reloads
17.06.2008, 21:32 | #31 |
| explorer.exe crashes/reloads ...and Anti-Malware found Fake.Beep.Sys in System32. Unfortunately, I don't really feel safe yet. |
18.06.2008, 00:22 | #32 |
> MalwareDB | explorer.exe crashes/reloads You can delete all files in the quarantine that you don't recognize. Files deleted from the quarantine are gone. While they are in the quarantine, they can always be restored if needed. In your case you should run one more system scan: configure AntiVir as described here and scan. Then please post the log file here. You can uninstall HJT and DSS; we won't need them any more. |
18.06.2008, 17:22 | #33 |
| explorer.exe crashes/reloads Hello! ...and once again, many thanks that you are still writing! Here are a few logs. AntiVirXP Code:
Avira AntiVir Personal
Report file date: Wednesday, June 18, 2008 15:23

Scanning for 1340302 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: MeinPCName

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 4/14/2008 21:32:13
AVSCAN.DLL : 8.1.1.0 53505 Bytes 4/14/2008 21:32:13
LUKE.DLL : 8.1.2.9 151809 Bytes 4/14/2008 21:32:13
LUKERES.DLL : 8.1.2.1 12033 Bytes 4/14/2008 21:32:13
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 20:39:04
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 3/7/2008 12:36:23
ANTIVIR2.VDF : 7.0.4.195 2546176 Bytes 6/14/2008 00:06:42
ANTIVIR3.VDF : 7.0.4.210 116736 Bytes 6/17/2008 16:45:49
Engineversion : 8.1.0.55
AEVDF.DLL : 8.1.0.5 102772 Bytes 4/14/2008 21:32:13
AESCRIPT.DLL : 8.1.0.40 266618 Bytes 6/8/2008 19:32:34
AESCN.DLL : 8.1.0.21 119156 Bytes 6/8/2008 19:32:33
AERDL.DLL : 8.1.0.20 418165 Bytes 4/25/2008 15:24:09
AEPACK.DLL : 8.1.1.5 364918 Bytes 5/19/2008 15:23:33
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 4/19/2008 15:24:42
AEHEUR.DLL : 8.1.0.30 1253750 Bytes 6/8/2008 19:32:33
AEHELP.DLL : 8.1.0.15 115063 Bytes 5/29/2008 19:35:26
AEGEN.DLL : 8.1.0.28 307572 Bytes 6/8/2008 19:32:31
AEEMU.DLL : 8.1.0.6 430451 Bytes 5/9/2008 15:22:19
AECORE.DLL : 8.1.0.31 168310 Bytes 6/8/2008 19:32:31
AVWINLL.DLL : 1.0.0.7 14593 Bytes 4/14/2008 21:32:13
AVPREF.DLL : 8.0.0.1 25857 Bytes 4/14/2008 21:32:13
AVREP.DLL : 7.0.0.1 155688 Bytes 4/19/2007 20:23:53
AVREG.DLL : 8.0.0.0 30977 Bytes 4/14/2008 21:32:13
AVARKT.DLL : 1.0.0.23 307457 Bytes 4/14/2008 21:32:13
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 4/14/2008 21:32:13
SQLITE3.DLL : 3.3.17.1 339968 Bytes 4/14/2008 21:32:13
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 4/14/2008 21:32:13
NETNT.DLL : 8.0.0.1 7937 Bytes 4/14/2008 21:32:13
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 4/14/2008 21:32:09
RCTEXT.DLL : 8.0.32.0 86273 Bytes 4/14/2008 21:32:09

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: off
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Wednesday, June 18, 2008 15:23

Starting search for hidden objects.
'103544' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'type32.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'nSvcAppFlt.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'UAService7.exe' - '1' Module(s) have been scanned
Scan process 'UAService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'CNAB4RPK.EXE' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'nSvcLog.exe' - '1' Module(s) have been scanned
Scan process 'nSvcIp.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'cvpnd.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'WinStylerThemeSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '32' files ).

Starting the file scan:
Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{97773686-04FF-46B3-B6AD-E8F69D098FFD}\RP575\change.log
[DETECTION] Contains detection pattern of the HTML script virus HTML/Shellcode.Gen
[NOTE] The file was moved to '48ba1aac.qua'!

End of the scan: Wednesday, June 18, 2008 16:31
Used time: 1:08:17 min

The scan has been done completely.
21314 Scanning directories
376522 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
376521 Files not concerned
18257 Archives were scanned
1 Warnings
1 Notes
103544 Objects were scanned with rootkit scan
0 Hidden objects were found
18.06.2008, 17:24 | #34 |
| explorer.exe crashes/reloads HJT log Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:30, on 18.06.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168120904062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 6676 bytes
18.06.2008, 17:26 | #35 |
| explorer.exe crashes/reloads Anti-Malware Code:
Malwarebytes' Anti-Malware 1.17
Datenbank Version: 867

18:08:53 18.06.2008
mbam-log-6-18-2008 (18-08-53).txt

Scan Art: Komplett Scan (C:\|)
Objekte gescannt: 146737
Scan Dauer: 1 hour(s), 17 minute(s), 44 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine Malware Objekte gefunden)

Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Delete on reboot.
18.06.2008, 19:59 | #36 | |
> MalwareDB | explorer.exe crashes/reloads Of course I'm writing. This file Quote: |
18.06.2008, 21:56 | #37 | |
| explorer.exe crashes/reloads Nope - the folder is now empty. Does that mean I can relax again? Is there anything else I can do? Otherwise I'll go back to working on it normally. :aplaus: Was that really all there was to it? Quote: |
18.06.2008, 22:00 | #38 |
> MalwareDB | explorer.exe crashes/reloads In my opinion, I can't find anything more there, and you can work on the computer again. Have fun with it, and may you be spared any new infection.
__________________ If every computer is running a diverse ecosystem, crackers will have no choice but to resort to small-scale, targeted attacks, and the days of mass-market malware will be over[...]. Stuart Udall |
18.06.2008, 22:38 | #39 |
| explorer.exe crashes/reloads Many thanks! > I owe you one! |