Log analysis and evaluation: explorer.exe crashes / reloads
15.06.2008, 22:51 | #1
explorer.exe crashes / reloads

Hello forum, this is my first post here (as you can see). After 2 years without viruses it has now caught me too, or at least that is what I think. After logging on to Windows, explorer.exe keeps restarting. I have now run HijackThis and don't really see anything malicious there (though I have to admit I don't know much about it). I would be so grateful if you could help me; I have to take notes at university again tomorrow.... Many thanks in advance!!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:24:25, on 15.06.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Launchy\Launchy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\TuneUp Utilities 2006\Integrator.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
G:\HiJackThis.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168120904062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

-- End of file - 7413 bytes
16.06.2008, 00:03 | #2
I've heard of Launchy in connection with problems before. But here it could be down to SP3.

Deckard's System Scanner (DSS)

The tool is available here -> dss.exe

* Close all applications
* Double-click dss.exe to start the program
* When the scan is complete, a Notepad window will open with the contents of main.txt. A second logfile, extra.txt, is in the directory c:\Deckard\SystemScanner\extra.txt
* Copy the contents of both logfiles into this thread, please as [CODE][/CODE]

What Deckard's System Scanner does:

* It creates a System Restore point
* It cleans the temporary files, Downloaded Program Files and Internet cache files, and empties the Recycle Bin on all drives.
16.06.2008, 00:36 | #3
Hello BataAlexander,

thank you very much for your post. So: I ran Spybot Search&Destroy once more > it found a few problems. Then AntiVir XP once more as well > nothing. The problem also occurs in Safe Mode. Then I downloaded Knoppicillin and ran it from CD. It also found a few things. I can boot "normally" again now, but CPU usage is always at 40-50% without me having anything open. I'll try your suggestion now. Thank you very much! So, here it is:

Code:

Deckard's System Scanner v20071014.68
Run by Toni on 2008-06-16 01:38:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
283: 2008-06-15 23:38:34 UTC - RP571 - Deckard's System Scanner Restore Point
282: 2008-06-14 19:02:31 UTC - RP570 - Last known good configuration
281: 2008-06-14 19:02:15 UTC - RP569 - Software Distribution Service 3.0
280: 2008-06-14 19:02:15 UTC - RP568 - System Checkpoint
279: 2008-06-14 19:02:15 UTC - RP567 - Installed Windows Media Player Firefox Plugin

-- First Restore Point --
1: 2008-06-14 18:56:54 UTC - RP289 - Installed Adobe Photoshop Lightroom.

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-16 01:39:49
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
G:\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie?hl={SUB_RFC1766}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie?hl={SUB_RFC1766}
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com/preferences?hl={SUB_RFC1766}
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FBF1F47-46AE-4578-BAEB-06E3D7B7F57E} - C:\WINDOWS\system32\fcccdaxw.dll (file missing)
O2 - BHO: (no name) - {39CEF1D5-A3CE-443C-A113-8CC473D46259} - C:\WINDOWS\system32\qoMeCSKe.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: (no name) - {E0580FD9-2BA1-4679-A259-8154202C3038} - C:\WINDOWS\system32\cbXQiIxY.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA5588] command /c del "C:\WINDOWS\system32\fcccdaxw.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5379] cmd /c del "C:\WINDOWS\system32\fcccdaxw.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7819] command /c del "C:\WINDOWS\system32\qoMeCSKe.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5181] cmd /c del "C:\WINDOWS\system32\qoMeCSKe.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168120904062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: cbXQiIxY - C:\WINDOWS\system32\cbXQiIxY.dll
O20 - Winlogon Notify: winrnt32 - C:\WINDOWS\system32\winrnt32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

-- End of file - 9938 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 Sentinel - c:\windows\system32\drivers\sentinel.sys

S3 BLKWGU(Belkin) (Belkin Wireless G USB Network Adapter(Belkin)) - c:\windows\system32\drivers\blkwgu.sys (file missing)
S3 btaudio (Bluetooth Audio Device) - c:\windows\system32\drivers\btaudio.sys (file missing)
S3 BTDriver (Bluetooth Virtual Communications Driver) - c:\windows\system32\drivers\btport.sys (file missing)
S3 btwhid - c:\windows\system32\drivers\btwhid.sys (file missing)
S3 BTWUSB (WIDCOMM USB Bluetooth Driver) - c:\windows\system32\drivers\btwusb.sys (file missing)
S3 LMouKE (Logitech SetPoint Mouse Filter Driver) - c:\windows\system32\drivers\lmouke.sys (file missing)
S3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - c:\program files\antivir personaledition classic\sched.exe <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (Bonjour-Dienst) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 nSvcLog (ForceWare user log service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe <Not Verified; NVIDIA; NVIDIA nSvcLog>
R2 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "c:\program files\tuneup utilities 2006\winstylerthemesvc.exe" <Not Verified; TuneUp Software GmbH; TuneUp Utilities>
R2 UserAccess (SecuROM User Access Service) - c:\windows\system32\uaservice.exe
R2 UserAccess7 (SecuROM User Access Service (V7)) - c:\windows\system32\uaservice7.exe

-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description:
Device ID: ACPI\AWY0001\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

-- Scheduled Tasks -------------------------------------------------------------

2008-06-16 01:07:38 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-12 23:51:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-06-06 17:16:11 388 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job

-- Files created between 2008-05-16 and 2008-06-16 -----------------------------

2027-09-14 15:29:06 0 d--h----- C:\WINDOWS\PIF
2008-06-16 01:09:45 344 --ahs---- C:\WINDOWS\system32\eKSCeMoq.ini2
2008-06-16 00:41:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-16 00:15:36 0 dr-h----- C:\Documents and Settings\Toni\Recent
2008-06-14 20:56:43 596916 --ahs---- C:\WINDOWS\system32\wxadcccf.ini2
2008-06-14 20:51:33 32256 --a------ C:\WINDOWS\system32\winrnt32.dll
2008-06-14 20:51:22 34304 --a------ C:\WINDOWS\system32\cbXQiIxY.dll
2008-06-13 00:16:34 0 d-------- C:\Program Files\PhotomatixPro3
2008-05-22 20:26:19 0 d-------- C:\Documents and Settings\Toni\Application Data\vlc
2008-05-22 20:02:05 0 d-------- C:\Program Files\VideoLAN
2008-05-20 17:41:52 0 d-------- C:\Program Files\Bonjour
2008-05-20 17:41:46 0 d-------- C:\Program Files\Airfoil Speakers

-- Find3M Report ---------------------------------------------------------------

2008-06-14 12:12:15 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-06-14 11:52:36 0 d-------- C:\Program Files\OALD
2008-06-02 22:56:35 341 --a------ C:\WINDOWS\system32\lsprst7.dll
2008-05-25 21:31:49 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-15 02:06:50 0 --a------ C:\WINDOWS\system32\ssprs.dll
2008-05-15 02:06:50 0 --a------ C:\WINDOWS\system32\serauth2.dll
2008-05-15 02:06:50 0 --a------ C:\WINDOWS\system32\serauth1.dll
2008-05-15 02:06:50 0 --a------ C:\WINDOWS\system32\nsprs.dll
2008-05-15 02:06:50 1024 --a------ C:\WINDOWS\system32\clauth2.dll
2008-05-15 02:06:50 1024 --a------ C:\WINDOWS\system32\clauth1.dll
2008-05-15 02:04:33 1025 --a------ C:\WINDOWS\system32\sysprs7.dll
2008-05-11 01:18:14 0 d-------- C:\Program Files\Messenger
2008-05-11 01:17:57 0 d-------- C:\Program Files\Movie Maker
2008-05-11 01:15:35 0 d-------- C:\Program Files\Windows NT
2008-05-07 18:53:42 0 d-------- C:\Documents and Settings\Toni\Application Data\ICQ
2008-05-07 15:13:51 0 d-------- C:\Program Files\ICQ6
2008-05-07 15:08:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-01 20:51:24 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-01 20:51:04 0 d-------- C:\Documents and Settings\Toni\Application Data\Adobe
2008-05-01 20:45:49 0 d-------- C:\Program Files\Common Files
2008-04-24 01:19:57 0 d-------- C:\Documents and Settings\Toni\Application Data\Mask Pro 4.0
2008-04-22 18:11:29 0 d-------- C:\Documents and Settings\Toni\Application Data\Launchy
2008-04-22 18:11:21 0 d-------- C:\Program Files\Launchy
2008-04-20 23:35:33 0 d-------- C:\Program Files\Apple Software Update
2008-04-17 21:55:33 0 d-------- C:\Program Files\Langenscheidt
2008-04-12 16:04:31 268 -r-h----- C:\Documents and Settings\Toni\Application Data\Documentation

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FBF1F47-46AE-4578-BAEB-06E3D7B7F57E}]
C:\WINDOWS\system32\fcccdaxw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39CEF1D5-A3CE-443C-A113-8CC473D46259}]
C:\WINDOWS\system32\qoMeCSKe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0580FD9-2BA1-4679-A259-8154202C3038}]
14.06.2008 20:51 34304 --a------ C:\WINDOWS\system32\cbXQiIxY.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [24.01.2006 12:15]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [20.05.2005 03:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07.09.2005 16:35]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [03.06.2004 10:51]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [14.04.2008 23:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14.04.2008 02:12]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28.01.2008 11:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
"SpybotDeletingA5588"=command /c del "C:\WINDOWS\system32\fcccdaxw.dll_old"
"SpybotDeletingC5379"=cmd /c del "C:\WINDOWS\system32\fcccdaxw.dll_old"
"SpybotDeletingA7819"=command /c del "C:\WINDOWS\system32\qoMeCSKe.dll_old"
"SpybotDeletingC5181"=cmd /c del "C:\WINDOWS\system32\qoMeCSKe.dll_old"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ColorVisionStartup.lnk - C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe [1/31/2006 12:23:15 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E0580FD9-2BA1-4679-A259-8154202C3038}"= C:\WINDOWS\system32\cbXQiIxY.dll [14.06.2008 20:51 34304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXQiIxY]
cbXQiIxY.dll 14.06.2008 20:51 34304 C:\WINDOWS\system32\cbXQiIxY.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrnt32]
winrnt32.dll 14.06.2008 20:51 32256 C:\WINDOWS\system32\winrnt32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\qoMeCSKe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
"E06DDXRC_2352296"="C:\Program Files\Microsoft Encarta\Encarta 2006 Enzyklopaedie\EDICT.EXE" -m
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"ICQ"="C:\PROGRA~1\ICQ6\ICQ.exe" silent
"Airfoil Speakers"="C:\Program Files\Airfoil Speakers\AirfoilSpeakers.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"ScanSoft OmniPage 16-reminder"="C:\Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage 16\Ereg\Ereg.ini"
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
napagent
hkmsvc

-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8724 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-06-16 01:41:27 ------------

Last edited by macbeth (16.06.2008 at 00:43). Reason: inserted something
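The O2, O20 and LSA entries in the log above share one pattern: the same DLL stem is registered in several autostart locations (cbXQiIxY as a BHO and a Winlogon Notify package, qoMeCSKe as a BHO and an extra LSA authentication package), which is why deleting a single entry, as the Spybot RunOnce "del" lines attempt, does not clear it. The script below is an added example, not part of the thread and not HijackThis or DSS code: it parses HijackThis-style O2/O20 lines plus the registry-dump "Authentication Packages" line, flags entries with simple heuristics, and rates a component higher when it appears in more than one location. The stock-XP Winlogon Notify allowlist and the "random-looking name" test are assumptions of this example, not HijackThis rules.

```python
"""Triage HijackThis-style log lines for multi-location persistence (added example)."""
import ntpath
import re
from collections import defaultdict, namedtuple

# Constructed sample: a subset of the O2 / O20 lines and the LSA registry-dump
# line from the DSS log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FBF1F47-46AE-4578-BAEB-06E3D7B7F57E} - C:\WINDOWS\system32\fcccdaxw.dll (file missing)
O2 - BHO: (no name) - {39CEF1D5-A3CE-443C-A113-8CC473D46259} - C:\WINDOWS\system32\qoMeCSKe.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {E0580FD9-2BA1-4679-A259-8154202C3038} - C:\WINDOWS\system32\cbXQiIxY.dll
O20 - Winlogon Notify: cbXQiIxY - C:\WINDOWS\system32\cbXQiIxY.dll
O20 - Winlogon Notify: winrnt32 - C:\WINDOWS\system32\winrnt32.dll
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\qoMeCSKe
"""

# Assumed allowlist: the Winlogon\Notify subkeys a stock Windows XP install has.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "dimsntfy", "ScCertProp",
                "Schedule", "sclgntfy", "SensLogn", "termsrv", "wlballoon"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
                   r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")
LSA_RE = re.compile(r'^"Authentication Packages"=\s*(?P<pkgs>.+)$')

Finding = namedtuple("Finding", "stem location reason")


def stem_of(path):
    """File name without directory or extension, e.g. ...\\cbXQiIxY.dll -> cbXQiIxY."""
    return ntpath.splitext(ntpath.basename(path.strip()))[0]


def looks_random(stem):
    """Heuristic (an assumption, not a HijackThis rule): exactly 8 letters with
    many case flips or almost no vowels, like cbXQiIxY / qoMeCSKe / fcccdaxw."""
    if not (stem.isalpha() and len(stem) == 8):
        return False
    flips = sum(1 for a, b in zip(stem, stem[1:]) if a.islower() != b.islower())
    vowels = sum(c in "aeiouAEIOU" for c in stem)
    return flips >= 3 or vowels / len(stem) < 0.25


def triage(log_text):
    """Return one Finding per suspicious O2, O20 or LSA entry in the log text."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O2_RE.match(line):
            stem, reasons = stem_of(m["path"]), []
            if m["name"] == "(no name)":
                reasons.append("unnamed BHO")
            if m["missing"]:
                reasons.append("registered DLL missing (deleted or renamed)")
            if looks_random(stem):
                reasons.append("random-looking 8-letter file name")
            if reasons:
                findings.append(Finding(stem, "O2 BHO", "; ".join(reasons)))
        elif m := O20_RE.match(line):
            if m["key"] not in KNOWN_NOTIFY:
                findings.append(Finding(stem_of(m["path"]), "O20 Winlogon Notify",
                                        "not a stock XP notification package"))
        elif m := LSA_RE.match(line):
            # Only msv1_0 is expected; anything else is loaded into lsass at boot.
            # Paths containing spaces would need quoting; the log line above has none.
            for pkg in m["pkgs"].split():
                if pkg.lower() != "msv1_0":
                    findings.append(Finding(stem_of(pkg), "LSA Authentication Packages",
                                            "extra package loaded into lsass"))
    return findings


def correlate(findings):
    """Group findings by file stem. A component registered in more than one
    autostart location rates 'high': deleting one entry leaves the others."""
    by_stem = defaultdict(list)
    for f in findings:
        by_stem[f.stem.lower()].append(f)
    return {stem: ("high" if len({f.location for f in fs}) > 1 else "medium",
                   sorted({f.location for f in fs}))
            for stem, fs in by_stem.items()}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.location:28} {f.stem:10} {f.reason}")
    for stem, (severity, locations) in correlate(triage(SAMPLE_LOG)).items():
        print(f"{severity:6} {stem:10} {', '.join(locations)}")
```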
16.06.2008, 00:50 | #4
| explorer.exe crashes/reloads Here is the other one. A thousand thanks for your help! Code:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 24%
Physical Memory (total/avail): 2030.48 MiB / 1534.9 MiB
Pagefile Memory (total/avail): 3365.38 MiB / 3011.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1907.26 MiB

C: is Fixed (NTFS) - 298.08 GiB total, 132.39 GiB free.
D: is CDROM (No Media)
G: is Removable (FAT)

\\.\PHYSICALDRIVE0 - ST3320620AS - 298.09 GiB - 1 partition
   \PARTITION0 (bootable) - Installable File System - 298.08 GiB - C:

\\.\PHYSICALDRIVE1 - VBTM Store'n'go USB Device - 949.15 MiB - 1 partition
   \PARTITION0 (bootable) - Win95 w/Extended Int 13 - 953.5 MiB - G:


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Toni\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FELIX
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Toni
LOGONSERVER=\\FELIX
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\PROGRA~1\COMMON~1\AUTODE~1;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Toni\LOCALS~1\Temp
TMP=C:\DOCUME~1\Toni\LOCALS~1\Temp
USERDOMAIN=FELIX
USERNAME=Toni
USERPROFILE=C:\Documents and Settings\Toni
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Toni (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
 --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Airfoil Speakers --> "C:\Program Files\Airfoil Speakers\Uninstall Airfoil Speakers.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
AutoCAD 2000 - Deutsch --> C:\WINDOWS\unin0407.exe -fC:\PROGRA~1\ACAD2000\DeIsL1.isu -c"C:\PROGRA~1\ACAD2000\unacad.dll
Avira AntiVir Personal – Free Antivirus --> C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Canon LBP2900 --> C:\Program Files\Canon\PrnUninstall\Canon LBP2900\CNAB4UN.EXE
Cisco Systems VPN Client 5.0.02.0090 --> MsiExec.exe /X{871DF2BE-41D2-4334-AC33-839AF16FC8FE}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Duden Korrektor PLUS --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{910BEE2C-3C2F-4DC0-9FF0-61DD5F5E8E47}
DVD Decrypter (Remove Only) --> "C:\Program Files\DVDrips\DVDdecrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVDrips\DVDshrink\unins000.exe"
e-Dictionaries --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}\setup.exe" anything
English Pronouncing Dictionary --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Cambridge\EPD\Uninst.isu"
Exif-Viewer 2.44 --> C:\WINDOWS\uninstall\Exif-Viewer\setup.exe
FileZilla Client 3.0.8.1 --> C:\Program Files\FileZilla FTP Client\uninstall.exe
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "G:\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ICQ6 --> "C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
L&H TTS3000 Deutsch --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSGED.inf, Uninstall
Launchy 2.0 --> "C:\Program Files\Launchy\unins000.exe"
Lightroom --> MsiExec.exe /I{D4134B0B-EA9B-4835-A77A-60BEE6277101}
Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta 2006 Enzyklopädie --> MsiExec.exe /I{06100000-3E21-46D6-9A91-D927BA08F41D}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
Office-Bibliothek 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{54971F17-9D16-4D43-95D6-3A86E3D20EDB}\setup.exe" -uninst
PC-Bibliothek --> C:\WINDOWS\unin0407.exe -f"c:\program files\Duden\DeIsL1.isu" -c"c:\program files\Duden\_ISREG32.DLL"
Photomatix Pro version 3.0.3RC2 --> "C:\Program Files\PhotomatixPro3\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RipIt4Me --> C:\Program Files\DVDrips\RipIt4Me\Uninstal.exe
ScanSoft OmniPage 16 --> MsiExec.exe /I{DF74C7BA-5C9F-4F17-8B6F-5ECE08280F34}
ScanSoft PDF Create! 4 --> MsiExec.exe /I{67EC0AB2-8CF7-4415-9F70-7FBC593C0D5E}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x9 -removeonly
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyder2 --> C:\WINDOWS\unvise32.exe C:\Program Files\ColorVision\Spyder2\uninstal.log
TuneUp Utilities 2006 --> MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Visual C++ 8.0 CRT (x86) WinSXS MSM --> MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
xp-AntiSpy 3.93 --> C:\Program Files\xp-AntiSpy\uninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type6444  / Warning
Event Submitted/Written: 06/16/2008 01:03:25 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type6357  / Warning
Event Submitted/Written: 06/16/2008 00:16:39 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type6355  / Warning
Event Submitted/Written: 06/16/2008 00:15:42 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type6118  / Warning
Event Submitted/Written: 06/15/2008 11:07:16 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type6117  / Error
Event Submitted/Written: 06/15/2008 10:09:54 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

No Errors/Warnings found.
-- End of Deckard's System Scanner: finished at 2008-06-16 01:41:27 ------------ |
16.06.2008, 00:57 | #5 |
> MalwareDB | explorer.exe crashes/reloads I won't get around to looking through the logs until tomorrow.
__________________ If every computer is running a diverse ecosystem, crackers will have no choice but to resort to small-scale, targeted attacks, and the days of mass-market malware will be over[...]. Stuart Udall |
16.06.2008, 01:05 | #6 |
| explorer.exe crashes/reloads Wow. You're all so kind here! Please don't put yourself under unnecessary stress! A thousand thanks! Actually it is working again at the moment (everything seems normal again - but I'm very skeptical!!!) - I'll post the current HijackThis log once more... |
16.06.2008, 01:09 | #7 |
| explorer.exe crashes/reloads So. Here is the newer version. I still don't trust it!!! Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:01:04, on 16.06.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FBF1F47-46AE-4578-BAEB-06E3D7B7F57E} - C:\WINDOWS\system32\fcccdaxw.dll (file missing)
O2 - BHO: (no name) - {39CEF1D5-A3CE-443C-A113-8CC473D46259} - C:\WINDOWS\system32\qoMeCSKe.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: (no name) - {E0580FD9-2BA1-4679-A259-8154202C3038} - C:\WINDOWS\system32\cbXQiIxY.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168120904062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: cbXQiIxY - C:\WINDOWS\SYSTEM32\cbXQiIxY.dll
O20 - Winlogon Notify: winrnt32 - C:\WINDOWS\SYSTEM32\winrnt32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 8665 bytes

Here are also screenshots of the Task Manager and of the startup list (which entries can I actually delete? *hmmmm?*): Last edited by macbeth (16.06.2008 at 01:25) Reason: added info |
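Added example (not part of this thread and not HijackThis code): the checks a helper applies by eye to the O2/O20/O23 lines of the log above, written as a small Python script and run over a handful of lines copied from that log (two clean entries, the Adobe BHO and the NVIDIA service, are included for contrast). The flags are the ones the thread itself acts on: unnamed BHOs, Winlogon Notify handlers, services without a publisher, stale "(file missing)" entries, and random 8-letter DLL names of the kind Vundo uses. random_looking() is a hand-made heuristic, not a signature; the names Finding, triage and flagged_names are this example's own.

```python
import re
from dataclasses import dataclass

# Sample lines taken from the HijackThis log posted above (constructed subset).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FBF1F47-46AE-4578-BAEB-06E3D7B7F57E} - C:\WINDOWS\system32\fcccdaxw.dll (file missing)
O2 - BHO: (no name) - {39CEF1D5-A3CE-443C-A113-8CC473D46259} - C:\WINDOWS\system32\qoMeCSKe.dll (file missing)
O2 - BHO: (no name) - {E0580FD9-2BA1-4679-A259-8154202C3038} - C:\WINDOWS\system32\cbXQiIxY.dll
O20 - Winlogon Notify: cbXQiIxY - C:\WINDOWS\SYSTEM32\cbXQiIxY.dll
O20 - Winlogon Notify: winrnt32 - C:\WINDOWS\SYSTEM32\winrnt32.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")


@dataclass
class Finding:
    kind: str      # HijackThis section: O2, O20, O23
    path: str      # file the entry points at
    reasons: list  # why the entry deserves a second look


def random_looking(name):
    """Heuristic for Vundo-style file names (qoMeCSKe, cbXQiIxY, fcccdaxw):
    exactly 8 letters, no digits, and either erratic case changes or almost
    no vowels. A heuristic only; a legitimate name can trip it."""
    if len(name) != 8 or not name.isalpha():
        return False
    case_switches = sum(1 for a, b in zip(name, name[1:]) if a.isupper() != b.isupper())
    vowels = sum(ch in "aeiou" for ch in name.lower())
    return case_switches >= 3 or vowels <= 1


def triage(log_text):
    """Walk O2/O20/O23 lines and collect the entries worth reviewing."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.groups()
        # HijackThis separates name, CLSID/owner and path with " - ".
        fields = [f.strip() for f in body.split(" - ")]
        target = fields[-1]
        missing = target.endswith("(file missing)")
        path = target.replace("(file missing)", "").strip()
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        reasons = []
        if kind == "O2" and fields[0] == "BHO: (no name)":
            reasons.append("browser helper object without a name")
        if kind == "O20":
            reasons.append("Winlogon Notify handler (loaded into winlogon.exe; Vundo persistence)")
        if kind == "O23" and "Unknown owner" in fields:
            reasons.append("service binary carries no publisher")
        if random_looking(stem):
            reasons.append("random-looking 8-letter file name")
        if missing:
            reasons.append("file no longer on disk (stale entry, still worth fixing)")
        if reasons:
            findings.append(Finding(kind, path, reasons))
    return findings


def flagged_names(log_text):
    """File names of all flagged entries, in log order (a ready-made fix list)."""
    return [f.path.rsplit("\\", 1)[-1] for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4} {f.path}")
        for r in f.reasons:
            print(f"       - {r}")
```

Run as a script it prints each flagged entry with its reasons; the Adobe BHO and the NVIDIA service come out clean, the six entries the helper later lists (plus the unsigned SecuROM service, which is for review, not removal) are flagged.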
16.06.2008, 07:14 | #8 |
> MalwareDB | explorer.exe crashes/reloads Proceed as follows. Please open HijackThis again and scan. Tick the checkboxes next to the entries listed below.

O2 - BHO: (no name) - {1FBF1F47-46AE-4578-BAEB-06E3D7B7F57E} - C:\WINDOWS\system32\fcccdaxw.dll (file missing)
O2 - BHO: (no name) - {39CEF1D5-A3CE-443C-A113-8CC473D46259} - C:\WINDOWS\system32\qoMeCSKe.dll
O2 - BHO: (no name) - {E0580FD9-2BA1-4679-A259-8154202C3038} - C:\WINDOWS\system32\cbXQiIxY.dll
O20 - Winlogon Notify: cbXQiIxY - C:\WINDOWS\SYSTEM32\cbXQiIxY.dll
O20 - Winlogon Notify: winrnt32 - C:\WINDOWS\SYSTEM32\winrnt32.dll (file missing)

Then click Fix Checked. Close HijackThis. Reboot into safe mode. Use Windows Explorer (to get there, right-click the Start button and click "Explorer") and please delete these files (if present):

C:\WINDOWS\system32\eKSCeMoq.ini2
C:\WINDOWS\system32\wxadcccf.ini2
C:\WINDOWS\system32\winrnt32.dll
C:\WINDOWS\system32\cbXQiIxY.dll
C:\WINDOWS\system32\ssprs.dll
C:\WINDOWS\system32\serauth2.dll
C:\WINDOWS\system32\serauth1.dll
C:\WINDOWS\system32\nsprs.dll
C:\WINDOWS\system32\clauth2.dll
C:\WINDOWS\system32\clauth1.dll
C:\WINDOWS\system32\sysprs7.dll
C:\WINDOWS\system32\fcccdaxw.dll
C:\WINDOWS\system32\qoMeCSKe.dll

Then restart the computer in normal mode. Then mark the files as follows, examples:

C:\WINDOWS\system32\qoMeCSKe.dll -> found, deleted
C:\WINDOWS\system32\qoMeCSKe.dll -> not found, not deleted
C:\WINDOWS\system32\qoMeCSKe.dll -> found, not deletable

Then run Malwarebytes and post its logfile together with a new HijackThis logfile.
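Added example, not from the thread and not a tool the helper uses: the deletion step above with its three outcomes ("found, deleted", "not found, not deleted", "found, not deletable"), written as a Python routine. It also reports sibling files that share a listed file's stem (the .tgz and _old variants the poster runs into next) instead of silently skipping them, and leaves those for the helper to decide on. The remover parameter and the demo() function are this example's own assumptions; demo() builds a throwaway directory with constructed file names and a fake "locked" file, so nothing outside it is touched.

```python
import glob
import os
import tempfile
from pathlib import Path

FOUND_DELETED = "found, deleted"
NOT_FOUND = "not found, not deleted"
FOUND_LOCKED = "found, not deletable"


def check_and_remove(paths, remover=os.remove):
    """Try to delete each listed file and record one of the three outcomes
    the helper asked for. `remover` is injectable (hypothetical parameter)
    so the locked-file case can be exercised without a real locked DLL."""
    report = {}
    for p in paths:
        if not os.path.isfile(p):
            report[p] = NOT_FOUND
            continue
        try:
            remover(p)
            report[p] = FOUND_DELETED
        except PermissionError:
            # On Windows this is the DLL still mapped into explorer.exe or
            # winlogon.exe: it has to wait for safe mode or for the scanner's
            # "delete on reboot" instead of being forced now.
            report[p] = FOUND_LOCKED
    return report


def related_files(paths):
    """Files in the same directory that share a listed file's stem but carry
    another extension (ssprs.tgz beside ssprs.dll, qoMeCSKe.dll_old beside
    qoMeCSKe.dll). Returned for review, never deleted here."""
    extra = {}
    for p in paths:
        base = Path(p)
        stem = base.name.split(".", 1)[0]
        pattern = os.path.join(str(base.parent), glob.escape(stem) + ".*")
        siblings = [os.path.basename(s) for s in glob.glob(pattern)
                    if os.path.basename(s) != base.name]
        if siblings:
            extra[p] = sorted(siblings)
    return extra


def format_report(report):
    """One line per file in the helper's notation: path -> status."""
    return [f"{p} -> {status}" for p, status in report.items()]


def demo():
    """Constructed scratch directory standing in for the system32 folder."""
    d = tempfile.mkdtemp(prefix="cleanup_demo_")
    for name in ("ssprs.dll", "ssprs.tgz", "qoMeCSKe.dll", "qoMeCSKe.dll_old", "cbXQiIxY.dll"):
        open(os.path.join(d, name), "wb").close()
    wanted = [os.path.join(d, n) for n in ("ssprs.dll", "qoMeCSKe.dll", "eKSCeMoq.ini2")]
    related = {os.path.basename(k): v for k, v in related_files(wanted).items()}
    report = check_and_remove(wanted)

    def deny(path):  # stands in for a DLL that is still loaded
        raise PermissionError(path)

    locked = os.path.join(d, "cbXQiIxY.dll")
    report.update(check_and_remove([locked], remover=deny))
    return {os.path.basename(k): v for k, v in report.items()}, related


if __name__ == "__main__":
    report, related = demo()
    print("\n".join(format_report(report)))
    print("related files left for review:", related)
```

Run related_files() before check_and_remove(), as demo() does, or the stems you want to match against are already gone.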
16.06.2008, 16:23 | #9 |
| explorer.exe crashes/reloads EDIT: I ran Spybot in safe mode - 4 hits, which I deleted. After that it worked. Then I went through your list. So: Example: bla bla bla ... (found?, deleted?)

C:\WINDOWS\system32\eKSCeMoq.ini2 (no, no)
C:\WINDOWS\system32\wxadcccf.ini2 (no, no)
C:\WINDOWS\system32\winrnt32.dll (yes, couldn't)
C:\WINDOWS\system32\cbXQiIxY.dll (yes, couldn't)
C:\WINDOWS\system32\ssprs.dll (yes, yes) > what about ssprs.tgz?
C:\WINDOWS\system32\serauth2.dll (yes, yes)
C:\WINDOWS\system32\serauth1.dll (yes, yes)
C:\WINDOWS\system32\nsprs.dll (yes, yes) > what about nsprs.tgz?
C:\WINDOWS\system32\clauth2.dll (yes, yes)
C:\WINDOWS\system32\clauth1.dll (yes, yes)
C:\WINDOWS\system32\sysprs7.dll (yes, yes) > what about sysprs7.tgz?
C:\WINDOWS\system32\fcccdaxw.dll (no, no)
C:\WINDOWS\system32\qoMeCSKe.dll (yes, yes) > but with _old after .dll ??

Continuing...

"Old" post: Hello. When I boot into safe mode it also loads explorer.exe again, only to close it 2 seconds later. Strange - yesterday it worked briefly. I managed to delete the entries you listed with HijackThis. It did give an error message that these programs are in use and therefore cannot be deleted. Still, they now seem to be gone. It's just hard to get anywhere in Explorer when explorer keeps crashing. You have to be very quick... I'll keep trying! Many thanks for the great help! Last edited by macbeth (16.06.2008 at 17:08) Reason: works again |
16.06.2008, 18:29 | #10 |
> MalwareDB | explorer.exe crashes/reloads Please run Malwarebytes once as described and post the logfile.
16.06.2008, 18:58 | #11 | |
| explorer.exe crashes/reloads Quote:
It has been scanning for 2 hours now - nothing so far. I'll post something as soon as it's done. PS: So, Spybot found "Virtumonde". Once in HKEY_LOCAL_MACHINE\Software\... and one .dll in Windows\system32\rqRLbyxv.dll_old. It should have deleted both, we'll see. I don't know how to thank you - let's wait and see. SUPER! |
16.06.2008, 19:17 | #12 |
| explorer.exe crashes/reloads Now it's really getting started!! So, Malwarebytes ran all the way through. It found about 7 problems, some of which it couldn't repair - restart required first. So, restart. Now AntiVir XP pops up right after startup (explorer.exe not even loaded yet) and says: C:\WINDOWS\system32\cbXQIxY.dll Is the Trojan horse TR/Trash.Gen That's where I am now. What should I tell AntiVir? Delete? Deny access? Move to quarantine? ...? Many thanks! |
16.06.2008, 20:47 | #13 |
| explorer.exe crashes/reloads Here is the log: Code:
Malwarebytes' Anti-Malware 1.17
Datenbank Version: 861

20:03:01 16.06.2008
mbam-log-6-16-2008 (20-03-01).txt

Scan Art: Komplett Scan (C:\|)
Objekte gescannt: 173667
Scan Dauer: 1 hour(s), 41 minute(s), 27 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 2
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 1
Infizierte Datei Objekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
C:\WINDOWS\system32\cbXQiIxY.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\hgGabawv.dll (Trojan.Vundo) -> Unloaded module successfully.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{e0580fd9-2ba1-4679-a259-8154202c3038} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e0580fd9-2ba1-4679-a259-8154202c3038} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxqiixy (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e0580fd9-2ba1-4679-a259-8154202c3038} (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Datei Objekte der Registrierung:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\cbXQiIxY.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hgGabawv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

AntiVir is now raising an alert every minute. I keep moving the files into quarantine. |
17.06.2008, 01:07 | #14 |
> MalwareDB | explorer.exe crashes/reloads Did Malwarebytes restart the computer? Then please run it once more and post that logfile as well.

Filelist
1. Download filelist.zip to your desktop.
2. Unpack the zip file onto your desktop (with an archiver) and open the filelist.bat that is now on your desktop with a double-click on the file.
3. Your editor (text editor) will open.
4. From this content, for each directory, select the last 30 days, choose copy, and paste these entries into your next post.

These are the directories for which we want to see the last 30 days in each case:
Directory of C:\
Directory of C:\WINDOWS\system32
Directory of C:\WINDOWS
Directory of C:\WINDOWS\Prefetch (Windows XP)
Directory of C:\WINDOWS\tasks
Directory of C:\WINDOWS\Temp
Directory of C:\DOCUME~1\Name\LOCALS~1\Temp

Credits to Karl83 / KarlKarl

If the file is too large, upload it at File-Upload.net - Ihr kostenloser File Hoster! and post the link. Then post a new HijackThis logfile.
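Added example, not the filelist.bat from the thread: the same per-directory listing of files changed in the last 30 days, done in Python so the cut-off can be pinned and the result checked. The function names recent_files, format_listing and demo and the `now` parameter are this example's own; demo() creates a constructed scratch directory with one recently touched file and one 90 days old, and only the recent one may appear in the listing.

```python
import os
import tempfile
import time
from datetime import datetime


def recent_files(directory, days=30, now=None):
    """Return (mtime, size, name) for regular files in `directory` whose
    modification time falls within the last `days` days, newest first.
    `now` is injectable so a test can pin the cut-off."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    hits = []
    with os.scandir(directory) as it:
        for entry in it:
            # Symlinks are skipped on purpose: lstat keeps the entry's own time.
            if not entry.is_file(follow_symlinks=False):
                continue
            st = entry.stat(follow_symlinks=False)
            if st.st_mtime >= cutoff:
                hits.append((st.st_mtime, st.st_size, entry.name))
    hits.sort(reverse=True)
    return hits


def format_listing(directory, entries):
    """Render the way a 'dir /o:d' listing reads: a header per directory,
    then date, time, size and name for each file, newest on top."""
    lines = [f"Directory of {directory}", ""]
    for mtime, size, name in entries:
        stamp = datetime.fromtimestamp(mtime).strftime("%d.%m.%Y  %H:%M")
        lines.append(f"{stamp} {size:>12,} {name}")
    lines.append(f"{len(entries)} file(s) modified in the period")
    return lines


def demo():
    """Constructed sample directory: one file touched 2 days ago, one 90 days
    ago. Returns the names that survive the 30-day filter and the listing."""
    d = tempfile.mkdtemp(prefix="filelist_demo_")
    now = time.time()
    for name, age_days in (("cbXQiIxY.dll", 2), ("example_old.dll", 90)):
        p = os.path.join(d, name)
        with open(p, "wb") as f:
            f.write(b"\x00" * 16)
        stamp = now - age_days * 86400
        os.utime(p, (stamp, stamp))
    entries = recent_files(d, days=30, now=now)
    return [name for _, _, name in entries], format_listing(d, entries)


if __name__ == "__main__":
    _, listing = demo()
    print("\n".join(listing))
```

On a real machine you would call recent_files() once per directory from the helper's list and paste the output of format_listing(); the helper reads it top-down, so the newest entries, the ones that matter after an infection, come first.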
17.06.2008, 13:14 | #15 |
| explorer.exe crashes/reloads Once again, many thanks for your help! So: Number 1 Code:
Malwarebytes' Anti-Malware 1.17
Datenbank Version: 861

13:39:07 17.06.2008
mbam-log-6-17-2008 (13-39-07).txt

Scan Art: Komplett Scan (C:\|)
Objekte gescannt: 184700
Scan Dauer: 1 hour(s), 30 minute(s), 6 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
(Keine Malware Objekte gefunden) |