chrisio

Windows Explorer closes by itself 1-2 seconds after opening

Hey,

Windows Explorer closes by itself 1-2 seconds after being opened.
If I log in as a different user, Explorer works fine.
I would actually just recreate the user profile, but elsewhere a HiJackThis log was requested and the device was subsequently considered compromised.

I have also created a HiJackThis log of the system.

Can someone help me with evaluating it and solving the problem?


Regards,
Christoph

Logfile of HiJackThis Fork (Alpha) by Alex Dragokas v.2.7.0.24

Platform:  x64 Windows 10 (Pro), 10.0.14393.479 (ReleaseId: 1607), Service Pack: 0
Time:      24.01.2018 - 12:13 (UTC+01:00)
Language:  OS: German (0x407). Display: German (0x407). Non-Unicode: German (0x407)
Elevated:  Yes
Ran by:    xxx.xxx	(group: Limited User) on xxx.yyy, FirstRun: yes

Firefox: 54.0.1.6388
Edge:    11.0.14393.479
Internet Explorer: 11.0.14393.0
Default: "C:\windows\system32\LaunchWinApp.exe" "%1" (Microsoft Edge)  

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
   1  C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
   1  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
   1  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
   1  C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
   1  C:\Program Files (x86)\PDF24\pdf24.exe
   1  C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
   1  C:\Program Files (x86)\Trend Micro\Security Agent\CCSF\TmCCSF.exe
   1  C:\Program Files (x86)\Trend Micro\Security Agent\NTRTScan.exe
   1  C:\Program Files (x86)\Trend Micro\Security Agent\PccNTMon.exe
   1  C:\Program Files (x86)\Trend Micro\Security Agent\TmListen.exe
   1  C:\Program Files\Bonjour\mDNSResponder.exe
   1  C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
   1  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
   1  C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
   1  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
   1  C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
   1  C:\Windows\System32\InstallAgent.exe
   1  C:\Windows\System32\InstallAgentUserBroker.exe
   1  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   2  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\WUDFHost.exe
   1  C:\Windows\System32\audiodg.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\dwm.exe
   1  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\igfxCUIService.exe
   1  C:\Windows\System32\igfxEM.exe
   1  C:\Windows\System32\igfxHK.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  19  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   1  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
   1  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
   1  C:\Windows\explorer.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp17win10.msn.com/?pc=HCTE
R0 - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp17win10.msn.com/?pc=HCTE
R0 - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp17win10.msn.com/?pc=HCTE
R1 - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R4 - SearchScopes: [DefaultScope] HKU\S-1-5-20 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (no name) - (no URL)
O2 - HKLM\..\BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (file missing)
O2 - HKLM\..\BHO: Trend Micro Osprey Plugin - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files (x86)\Trend Micro\Security Agent\TmopIEPlg.dll
O2-32 - HKLM\..\BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (file missing)
O2-32 - HKLM\..\BHO: Trend Micro Osprey Plugin - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files (x86)\Trend Micro\Security Agent\TmopIEPlg32.dll
O4 - HKLM\..\StartupApproved\Run: [RTHDVCPL] (1601/01/01) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
O4-32 - HKLM\..\Run: [CLMLServer_For_P2G8] c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
O4-32 - HKLM\..\Run: [CLVirtualDrive] c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R
O4-32 - HKLM\..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\Security Agent\pccntmon.exe -HideWindow
O4-32 - HKLM\..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - HKLM\..\{25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)  
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - HKLM\..\{25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O9-32 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - HKLM\..\{25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)  
O9-32 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - HKLM\..\{25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O17 - DHCP DNS - 1: 10.185.64.101
O17 - DHCP DNS - 2: 10.185.64.102
O17 - HKLM\Software\..\Telephony: DomainName = hmg.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hmg.local
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files (x86)\Trend Micro\Security Agent\TmopIEPlg.dll
O22 - Task: (disabled) (telemetry) \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask - {E7ED314F-2816-4C26-AEB5-54A34D02404C} - C:\windows\System32\kernelceip.dll (Microsoft)
O22 - Task: (disabled) HPJumpStartProvider - C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe (file missing)
O22 - Task: (disabled) \Microsoft\Windows\AppID\SmartScreenSpecific - {9F2B0085-9218-42A1-88B0-9F0E65851666},U - C:\windows\system32\apprepsync.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\EDP\EDP App Launch Task - {35EF4182-F900-4632-B072-8639E4478A61},AppLaunch - (no file)
O22 - Task: (disabled) \Microsoft\Windows\EDP\EDP Auth Task - {35EF4182-F900-4632-B072-8639E4478A61},ReAuth - (no file)
O22 - Task: (disabled) \Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate - {9CDA66BE-3271-4723-8D35-DD834C58AD92} - C:\Windows\System32\ErrorDetailsUpdate.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Maps\MapsToastTask - {9885AEF2-BD9F-41E0-B15E-B3141395E803},$(Arg0);$(Arg1);$(Arg2);$(Arg3) - C:\windows\System32\mapstoasttask.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Plug and Play\Plug and Play Cleanup - {DEF03232-9688-11E2-BE7F-B4B52FD966FF} - C:\Windows\System32\pnpclean.dll (Microsoft)
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: GoogleUpdateTaskUserS-1-5-21-1649406601-393958036-905101291-1335Core - C:\Users\xxx.xxx\AppData\Local\Google\Update\GoogleUpdate.exe /c (file missing)
O22 - Task: GoogleUpdateTaskUserS-1-5-21-1649406601-393958036-905101291-1335UA - C:\Users\xxx.xxx\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler (file missing)
O22 - Task: HPGenoobeReminder - C:\Program Files (x86)\HP\HP Registration Service\HP GenOOBE\HPGenOOBE.exe CLEAR (file missing)
O22 - Task: OneDrive Standalone Update Task - C:\Users\xxx.xxx\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe (file missing)
O22 - Task: \Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate - {FE285C8C-5360-41C1-A700-045501C740DE} - C:\Windows\System32\ErrorDetailsUpdate.dll (Microsoft)
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Dienst "Bonjour" - (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe  
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\windows\system32\igfxCUIService.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: Intel(R) Rapid Storage Technology - (IAStorDataMgrSvc) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service R2: Intel(R) Security Assist Helper - (isaHelperSvc) - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
O23 - Service R2: Net Driver HPZ12 - C:\windows\System32\svchost.exe; "ServiceDll" = C:\Windows\System32\HPZinw12.dll  
O23 - Service R2: Pml Driver HPZ12 - C:\windows\System32\svchost.exe; "ServiceDll" = C:\Windows\System32\HPZipm12.dll  
O23 - Service R2: Realtek Audio Service - (RtkAudioService) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service R2: TeamViewer 10 - (TeamViewer) - c:\users\xxx.xxx\appdata\local\temp\teamviewer\TeamViewer_Service.exe
O23 - Service R2: Trend Micro Security Agent Listener - (tmlisten) - C:\Program Files (x86)\Trend Micro\Security Agent\tmlisten.exe
O23 - Service R2: Trend Micro Security Agent RealTime Scan - (ntrtscan) - C:\Program Files (x86)\Trend Micro\Security Agent\ntrtscan.exe
O23 - Service R3: Trend Micro Common Client Solution Framework - (TmCCSF) - C:\Program Files (x86)\Trend Micro\Security Agent\CCSF\TmCCSF.exe
O23 - Service R3: Trend Micro Unauthorized Change Prevention Service - (TMBMServer) - C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
O23 - Service S3: Active Directory Migration Agent - (OnePointDomainAdminService) - C:\windows\OnePointDomainAgent\DCTAgentService.exe (file missing)
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service S3: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\windows\system32\IntelCpHDCPSvc.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: Intel(R) Security Assist - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Windows Defender Advanced Threat Protection-Dienst - (Sense) - C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
O23 - Service S3: Windows Defender-Dienst - (WinDefend) - C:\Program Files\Windows Defender\MsMpEng.exe
O23 - Service S3: Windows Defender-Netzwerkinspektionsdienst - (WdNisSvc) - C:\Program Files\Windows Defender\NisSrv.exe



Debug information:

- 24.01.2018 12:13:22 - modFile.OpenW - #0 LastDllError = 5 (Zugriff verweigert) Cannot open file: C:\windows\system32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} 
- 24.01.2018 12:13:22 - modFile.OpenW - #0 LastDllError = 5 (Zugriff verweigert) Cannot open file: C:\windows\system32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} 

--
End of file - Time spent: 17 sec. - 25504 bytes, CRC32: FFFFFFFF. Sign: 歡

Url: https://administrator.de/contentid/362208


Member: sabines
sabines Jan 24, 2018 at 12:51:17 (UTC)
Hi,

without going into the log: at the slightest suspicion of an infection I would wipe the box and rebuild it.
That is safer in any case and possibly also faster than hunting for the culprit(s), even if in a few cases it may overshoot the mark.

What do you mean by "but elsewhere a HiJackThis log was requested"?

Regards
Member: BassFishFox
BassFishFox Jan 24, 2018 at 14:39:44 (UTC)
Hello,

What do you mean by "but elsewhere a HiJackThis log was requested"?

He will probably have posted in another forum as well. ;-)

@ChrisIO

See whether the tip in this post helps.

https://www.winboard.org/win-10-software/172838-window-explorer-schliess ...

BFF
Member: ChrisIO
ChrisIO Jan 25, 2018 at 07:39:51 (UTC)
Quote from @BassFishFox:

Hello,

What do you mean by "but elsewhere a HiJackThis log was requested"?

He will probably have posted in another forum as well. ;-)

Hey,

no, I only found a similar post in another forum.
The problem seemed to be the same.

Regards,
Christoph
Member: BassFishFox
BassFishFox Jan 25, 2018 at 13:21:54 (UTC)
Hi,

Have you already tried the tip from the link mentioned above? ;-)

BFF