Explorer.exe Verursacht Fehler

Toretto · 05.07.2008, 22:30

Hi,

also meiner erster Post und mein erster Fehler mit Explorer.exe.

Ich fahre den Rechner hoch, alles läuft super, nach einiger zeit (zufällig) kommt ein Fenster "Explorer.exe verursachte einen Fehler, muss geschlossen werden". Danach öffnet sich ein kleineres Fenster wo die Überschrift "Persönliche Einstellung..." heißt.

Hier ist mein HJT-Logfile:

Zitat:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:29:14, on 05.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\LEXBCES.EXE
C:\windows\system32\spoolsv.exe
C:\windows\system32\LEXPPS.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\Programme\Java\jre1.5.0\bin\jusched.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\LXSUPMON.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\windows\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\windows\system32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\iPod\bin\iPodService.exe
C:\windows\system32\wscntfy.exe
C:\Programme\uTorrent\uTorrent.exe
L:\Tools\upp_2.00_final_[2005.01.28]\mirc_upp.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\windows\service.exe
C:\windows\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LXSUPMON] C:\windows\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl8] C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] C:\Programme\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows UDP Control Center] service.exe
O4 - HKLM\..\RunOnce: [*Windows Update Manager] C:\windows\system32\svshost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WinServiceManager] C:\windows\system32\service.exe
O4 - HKCU\..\Run: [Windows Update Manager] C:\windows\system32\svshost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Programme\Dropbox\dropbox.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\windows\system32\LEXBCES.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6563 bytes

thx im vorraus

KarlKarl · 05.07.2008, 22:53

Hi,

Im Explorer im Menü Extras -> Ordneroptionen -> Ansicht setze folgende Einstellungen:

Erweiterungen bei bekannten Dateitypen ausblenden -> Haken weg
Geschützte Systemdateien ausblenden -> Haken weg
Inhalte von Systemordnern anzeigen -> Haken setzen (diese Option ist bei Windows 2000 nicht vorhanden)
Versteckte Dateien und Ordner -> Alle Dateien und Ordner anzeigen

Hier sind zwei Seiten, wo Du gefundene Dateien hochladen kannst, damit sie mit mehreren Scannern untersucht werden.

Mach das mit folgender/n Datei/en auf einer dieser beiden Seiten, bevorzugt bei VirusTotal:

C:\windows\service.exe
C:\windows\system32\service.exe
C:\windows\system32\svshost.exe
L:\Tools\upp_2.00_final_[2005.01.28]\mirc_upp.exe

Die erhaltenen Ergebnisse mit kopieren und einfügen hier posten, dabei auch die Zeilen mit Namen und Größe der Datei, MD5 und SHA1 kopieren (soweit vorhanden). Solltest Du Dateien nicht finden oder hochladen können, dann teile uns das ebenfalls mit.

Gruß, Karl

Toretto · 05.07.2008, 23:21

C:\windows\service.exe

Zitat:

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.7.4.1 2008.07.05 -
AntiVir 7.8.0.64 2008.07.05 -
Authentium 5.1.0.4 2008.07.04 -
Avast 4.8.1195.0 2008.07.05 -
AVG 7.5.0.516 2008.07.05 -
BitDefender 7.2 2008.07.05 -
CAT-QuickHeal 9.50 2008.07.04 -
ClamAV 0.93.1 2008.07.05 -
DrWeb 4.44.0.09170 2008.07.05 -
eSafe 7.0.17.0 2008.07.03 -
eTrust-Vet 31.6.5927 2008.07.04 -
Ewido 4.0 2008.07.05 -
F-Prot 4.4.4.56 2008.07.04 -
F-Secure 7.60.13501.0 2008.07.03 -
Fortinet 3.14.0.0 2008.07.05 -
GData 2.0.7306.1023 2008.07.05 -
Ikarus T3.1.1.26.0 2008.07.05 -
Kaspersky 7.0.0.125 2008.07.05 -
McAfee 5332 2008.07.04 -
Microsoft 1.3704 2008.07.05 -
NOD32v2 3244 2008.07.05 -
Norman 5.80.02 2008.07.04 -
Panda 9.0.0.4 2008.07.05 -
Prevx1 V2 2008.07.06 -
Rising 20.51.42.00 2008.07.04 Trojan.Win32.Delf.ykq
Sophos 4.31.0 2008.07.05 -
Sunbelt 3.1.1509.1 2008.07.04 -
Symantec 10 2008.07.05 -
TheHacker 6.2.96.373 2008.07.05 -
TrendMicro 8.700.0.1004 2008.07.05 -
VBA32 3.12.6.8 2008.07.05 -
VirusBuster 4.5.11.0 2008.07.05 -
Webwasher-Gateway 6.6.2 2008.07.05 -
weitere Informationen
File size: 46080 bytes
MD5...: 5358d52cdbf48daea6a3d00b2b2e65e7
SHA1..: b1d3d4d89b99ebe885e61ebff1957088354a4242
SHA256: cdfd9628f668b471942c7d6fc37bd1b0ea6ed657413873e7db8f1d16f742ac59
SHA512: 2e92749fa3cf9d972ad841f83e2c02b604ab5a1da483b20264afe2c4360e7d36
9212b68833671a06e9977836bd8948815e023c81f2aa51c623a283e9d8b448fc
PEiD..: BobSoft Mini Delphi -> BoB / BobSoft
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x25a30
timedatestamp.....: 0x486f6f60 (Sat Jul 05 12:56:00 2008)
machinetype.......: 0x14c (I386)

( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x4ac8 0x4c00 6.41 8b0dd7d663e13126387a54a1e2554549
DATA 0x6000 0x11c 0x200 2.87 0c5e18a1c5d7bcc2cb4df2ce2736920f
BSS 0x7000 0x6f9 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x8000 0x45c 0x600 3.57 cc03b8196c1c9a4cd7324bb521b020db
.edata 0x9000 0x44 0x200 0.58 a649b05a8168a3c2738a6d4df4979aee
.tls 0xa000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0xb000 0x18 0x200 0.20 44d7eea98589ca89f9a1dc09e347e00f
.reloc 0xc000 0x4e8 0x600 5.94 0cf2e1e0da8034f3c8cf646735a1fbc4
.rsrc 0xd000 0x506c 0x5200 7.98 2f54e33a6111c832fe0e7c2854d500e9

( 5 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, GetThreadLocale, GetStartupInfoA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
> user32.dll: GetKeyboardType, MessageBoxA, CharNextA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> kernel32.dll: SetPriorityClass, SetMailslotInfo, PulseEvent, LoadLibraryA, GetProcAddress, GetOEMCP, GetModuleFileNameA, GetLastError, GetComputerNameA, GetACP, FreeLibrary

( 1 exports )
pooop

C:\windows\system32\service.exe

Zitat:

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.7.4.1 2008.07.05 -
AntiVir 7.8.0.64 2008.07.05 -
Authentium 5.1.0.4 2008.07.04 -
Avast 4.8.1195.0 2008.07.05 -
AVG 7.5.0.516 2008.07.05 -
BitDefender 7.2 2008.07.05 -
CAT-QuickHeal 9.50 2008.07.04 -
ClamAV 0.93.1 2008.07.05 -
DrWeb 4.44.0.09170 2008.07.05 -
eSafe 7.0.17.0 2008.07.03 -
eTrust-Vet 31.6.5929 2008.07.05 -
Ewido 4.0 2008.07.05 -
F-Prot 4.4.4.56 2008.07.04 -
F-Secure 7.60.13501.0 2008.07.03 -
Fortinet 3.14.0.0 2008.07.05 -
GData 2.0.7306.1023 2008.07.05 -
Ikarus T3.1.1.26.0 2008.07.05 -
Kaspersky 7.0.0.125 2008.07.05 -
McAfee 5332 2008.07.04 -
Microsoft 1.3704 2008.07.05 -
NOD32v2 3244 2008.07.05 -
Norman 5.80.02 2008.07.04 -
Panda 9.0.0.4 2008.07.05 -
Prevx1 V2 2008.07.06 -
Rising 20.51.42.00 2008.07.04 Trojan.Win32.Delf.ykq
Sophos 4.31.0 2008.07.05 -
Sunbelt 3.1.1509.1 2008.07.04 -
Symantec 10 2008.07.05 -
TheHacker 6.2.96.373 2008.07.05 -
TrendMicro 8.700.0.1004 2008.07.05 -
VBA32 3.12.6.8 2008.07.05 -
VirusBuster 4.5.11.0 2008.07.05 -
Webwasher-Gateway 6.6.2 2008.07.05 -
weitere Informationen
File size: 72704 bytes
MD5...: 86aeec6c11c05acf76016f171283db20
SHA1..: 852aa033bd9c7f07f156c6befee777bf77e86882
SHA256: 823fa77b242bcc7642970233a4a1cdb514d89008f3cdbb6ab2d14b5b3a78ead0
SHA512: f5f56006516c95f0d2f175f84a4512591331cb6586ecd1344ae09e4eb3863a54
2165f055f37dbc39675992672fa7e15fefcd7b1b5e9f08d8a67861a6fce6f772
PEiD..: BobSoft Mini Delphi -> BoB / BobSoft
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x25a30
timedatestamp.....: 0x486f6f60 (Sat Jul 05 12:56:00 2008)
machinetype.......: 0x14c (I386)

( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x4ac8 0x4c00 6.41 8b0dd7d663e13126387a54a1e2554549
DATA 0x6000 0x11c 0x200 2.87 0c5e18a1c5d7bcc2cb4df2ce2736920f
BSS 0x7000 0x6f9 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x8000 0x45c 0x600 3.57 cc03b8196c1c9a4cd7324bb521b020db
.edata 0x9000 0x44 0x200 0.58 a649b05a8168a3c2738a6d4df4979aee
.tls 0xa000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0xb000 0x18 0x200 0.20 44d7eea98589ca89f9a1dc09e347e00f
.reloc 0xc000 0x4e8 0x600 5.94 0cf2e1e0da8034f3c8cf646735a1fbc4
.rsrc 0xd000 0xb9e4 0xba00 8.00 e549cf966c23a5de79ad13f420849d03

( 5 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, GetThreadLocale, GetStartupInfoA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
> user32.dll: GetKeyboardType, MessageBoxA, CharNextA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> kernel32.dll: SetPriorityClass, SetMailslotInfo, PulseEvent, LoadLibraryA, GetProcAddress, GetOEMCP, GetModuleFileNameA, GetLastError, GetComputerNameA, GetACP, FreeLibrary

( 1 exports )
pooop

C:\windows\system32\svshost.exe

Zitat:

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.7.4.1 2008.07.05 -
AntiVir 7.8.0.64 2008.07.05 TR/Dropper.Gen
Authentium 5.1.0.4 2008.07.04 -
Avast 4.8.1195.0 2008.07.05 -
AVG 7.5.0.516 2008.07.05 Injector.G
BitDefender 7.2 2008.07.05 -
CAT-QuickHeal 9.50 2008.07.04 -
ClamAV 0.93.1 2008.07.05 -
DrWeb 4.44.0.09170 2008.07.05 BackDoor.IRC.Sdbot.3566
eSafe 7.0.17.0 2008.07.03 -
eTrust-Vet 31.6.5927 2008.07.04 -
Ewido 4.0 2008.07.05 -
F-Prot 4.4.4.56 2008.07.04 -
F-Secure 7.60.13501.0 2008.07.03 -
Fortinet 3.14.0.0 2008.07.05 -
GData 2.0.7306.1023 2008.07.05 -
Ikarus T3.1.1.26.0 2008.07.05 VirTool.Win32.DelfInject.AC
Kaspersky 7.0.0.125 2008.07.05 -
McAfee 5332 2008.07.04 -
Microsoft 1.3704 2008.07.06 VirTool:Win32/Injector.gen!D
NOD32v2 3244 2008.07.05 -
Norman 5.80.02 2008.07.04 -
Panda 9.0.0.4 2008.07.05 -
Prevx1 V2 2008.07.06 -
Rising 20.51.42.00 2008.07.04 -
Sophos 4.31.0 2008.07.05 -
Sunbelt 3.1.1509.1 2008.07.04 -
Symantec 10 2008.07.05 -
TheHacker 6.2.96.373 2008.07.05 -
TrendMicro 8.700.0.1004 2008.07.05 -
VBA32 3.12.6.8 2008.07.05 -
VirusBuster 4.5.11.0 2008.07.05 -
Webwasher-Gateway 6.6.2 2008.07.05 Trojan.Dropper.Gen
weitere Informationen
File size: 70144 bytes
MD5...: 90db86dcdee1250090126e0ee396eb65
SHA1..: 1a2e02735353bbc7b8741b32eb13d7ed68852ed7
SHA256: 7e84c654211a33ff650653e288a700f341845f708cfb79df9f8946ae0d3c1c5e
SHA512: 289e3f40fc2e75432bb07100c896dae04de4aedc8f4b0d1eea8e4abc3cd51fc1
3289bc32f30e22f9159f861fe4e080fcebb59231141dd596b7c6cb13dbdcba3a
PEiD..: BobSoft Mini Delphi -> BoB / BobSoft
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x15344
timedatestamp.....: 0x4851a153 (Thu Jun 12 22:21:07 2008)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x43d0 0x4400 6.41 471ddc8dd1d869f553f067f5efcfe5d8
DATA 0x6000 0x110 0x200 2.78 5f4ff7396f14b300ff6f91941e8cf214
BSS 0x7000 0x6f9 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x8000 0x432 0x600 3.43 d44f80403b6b916ae796c30b6cc2d601
.tls 0x9000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0xa000 0x18 0x200 0.20 999d578b860d2bb3e971d8c3b30967c3
.reloc 0xb000 0x4dc 0x600 5.90 39c76c17ae470bcada81c04c5e6a95c8
.rsrc 0xc000 0xb9d4 0xba00 8.00 80315a2c7e987a9d0c027361e53476f7

( 6 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, GetThreadLocale, GetStartupInfoA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
> user32.dll: GetKeyboardType, MessageBoxA, CharNextA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> kernel32.dll: SetHandleInformation, SetCommMask, LoadLibraryA, GetProcAddress, GetLastError, FreeLibrary
> shell32.dll: ExtractIconA

( 0 exports )

L:\Tools\upp_2.00_final_[2005.01.28]\mirc_upp.exe

Zitat:

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.7.4.1 2008.07.05 -
AntiVir 7.8.0.64 2008.07.05 -
Authentium 5.1.0.4 2008.07.04 -
Avast 4.8.1195.0 2008.07.05 -
AVG 7.5.0.516 2008.07.05 -
BitDefender 7.2 2008.07.05 Application.Mirc.CF
CAT-QuickHeal 9.50 2008.07.04 Backdoor.mIRC-based
ClamAV 0.93.1 2008.07.05 -
DrWeb 4.44.0.09170 2008.07.05 -
eSafe 7.0.17.0 2008.07.03 Suspicious File
eTrust-Vet 31.6.5929 2008.07.05 -
Ewido 4.0 2008.07.05 -
F-Prot 4.4.4.56 2008.07.04 -
F-Secure 7.60.13501.0 2008.07.03 Backdoor.Win32.mIRC-based
Fortinet 3.14.0.0 2008.07.05 Misc/MIRC
GData 2.0.7306.1023 2008.07.05 Backdoor.Win32.mIRC-based
Ikarus T3.1.1.26.0 2008.07.05 not-a-virus:Client-IRC.Win32.mIRC.616
Kaspersky 7.0.0.125 2008.07.06 Backdoor.Win32.mIRC-based
McAfee 5332 2008.07.04 -
Microsoft 1.3704 2008.07.06 -
NOD32v2 3244 2008.07.05 -
Norman 5.80.02 2008.07.04 -
Panda 9.0.0.4 2008.07.05 -
Prevx1 V2 2008.07.06 -
Rising 20.51.42.00 2008.07.04 -
Sophos 4.31.0 2008.07.05 -
Sunbelt 3.1.1509.1 2008.07.04 -
Symantec 10 2008.07.05 -
TheHacker 6.2.96.373 2008.07.05 Aplicacion/mIRC.616
TrendMicro 8.700.0.1004 2008.07.05 -
VBA32 3.12.6.8 2008.07.05 -
VirusBuster 4.5.11.0 2008.07.05 -
Webwasher-Gateway 6.6.2 2008.07.05 -
weitere Informationen
File size: 2002944 bytes
MD5...: c05d1a77ebc20fd8b7338e8b33ef741a
SHA1..: 9707f0404fff3a84c0e1c601f4bc5b07337ce4ba
SHA256: 4f4d88c3da12da1d40ca4bf0941451f45710576b6a27d8914cc6886efd6b3eec
SHA512: a0c541d00b0b9248363a5dff000c88efa121cc851d1f9f87be369d9220ddb659
a8ee92abbf7c05d4c9afdd9bbf9c9b0ac32f7946d863ba78df85374c0815c100
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x574729
timedatestamp.....: 0x40ec154b (Wed Jul 07 15:22:51 2004)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1811ab 0x182000 6.60 9eb641d27c3cf0a106842773af82aa99
.rdata 0x183000 0x173a8 0x18000 5.98 94e874f8d7ca56804ce22ea9bf97b9c2
.data 0x19b000 0x2adc0 0x4000 4.18 6e2e45c5559f2f04325c177d9ccaeb2b
.rsrc 0x1c6000 0x49908 0x4a000 4.85 aa1b1f91c671e0c5495f951fe07e872d

( 13 imports )
> WINMM.dll: timeEndPeriod, timeSetEvent, timeKillEvent, mciGetErrorStringA, timeGetDevCaps, mixerClose, mixerSetControlDetails, mciGetDeviceIDA, mciSendStringA, timeBeginPeriod, sndPlaySoundA, mixerGetLineControlsA, mixerGetLineInfoA, mixerOpen, mixerGetControlDetailsA
> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> VERSION.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
> MPR.dll: WNetCloseEnum, WNetOpenEnumA, WNetEnumResourceA
> COMCTL32.dll: ImageList_AddMasked, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
> KERNEL32.dll: CreateEventA, GetSystemDefaultLangID, GetLocaleInfoA, GetSystemDefaultLCID, GetWindowsDirectoryA, GlobalFree, GlobalAlloc, GlobalUnlock, lstrcatA, lstrcpyA, lstrlenA, lstrcatW, lstrlenW, GlobalLock, lstrcpyW, GetVersionExA, QueryPerformanceCounter, QueryPerformanceFrequency, QueryDosDeviceA, GetFileType, CreateFileA, GetFileAttributesA, WinExec, WriteFile, MulDiv, FindClose, FindNextFileA, FindFirstFileA, GetModuleFileNameA, _lwrite, _lclose, _hwrite, GlobalSize, OpenFile, _hread, _llseek, _lopen, SetThreadPriority, GetCurrentProcess, GetCurrentThreadId, SetFilePointer, GetLastError, ReadFile, SetEndOfFile, FlushFileBuffers, WaitForSingleObject, GetVolumeInformationA, GetDriveTypeA, GetLogicalDriveStringsA, SetFileAttributesA, WritePrivateProfileStringA, GetPrivateProfileStringA, GetLocalTime, lstrcmpA, UnmapViewOfFile, MapViewOfFile, OpenFileMappingA, SetErrorMode, FindCloseChangeNotification, Sleep, FindNextChangeNotification, WaitForMultipleObjects, FindFirstChangeNotificationA, GetEnvironmentVariableA, GetShortPathNameA, CompareFileTime, GetFileTime, ReleaseMutex, CreateMutexA, GetTimeZoneInformation, LocalAlloc, LocalReAlloc, LocalFree, lstrcpynA, GetTempPathA, SizeofResource, GetSystemTimeAsFileTime, CreateThread, TlsGetValue, TlsSetValue, ExitThread, HeapFree, HeapAlloc, GetOEMCP, GetCPInfo, ExitProcess, GetModuleHandleA, TerminateProcess, RtlUnwind, LoadLibraryA, GetProcAddress, FreeLibrary, SetEvent, CloseHandle, WideCharToMultiByte, MultiByteToWideChar, GetTickCount, FindResourceA, LoadResource, LockResource, HeapReAlloc, GetTimeFormatA, GetDateFormatA, GetStartupInfoA, GetCommandLineA, EnterCriticalSection, SetConsoleCtrlHandler, DeleteFileA, MoveFileA, LeaveCriticalSection, DeleteCriticalSection, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, TlsFree, SetLastError, TlsAlloc, UnhandledExceptionFilter, LCMapStringA, LCMapStringW, SetHandleCount, GetStdHandle, GetStringTypeA, GetStringTypeW, SetEnvironmentVariableA, SetEnvironmentVariableW, VirtualProtect, GetSystemInfo, VirtualQuery, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, RaiseException, InitializeCriticalSection, SetStdHandle, GetCurrentProcessId, HeapSize, CompareStringA, CompareStringW, FileTimeToSystemTime, FileTimeToLocalFileTime, GetFileInformationByHandle, PeekNamedPipe, RemoveDirectoryA, GetACP, GetCurrentDirectoryA, SetCurrentDirectoryA, GetFullPathNameA, GetDiskFreeSpaceA, CreateDirectoryA
> USER32.dll: DdeAccessData, DdeQueryStringA, DdeCreateDataHandle, DdeClientTransaction, DdeConnect, DdeCreateStringHandleA, DdeInitializeA, CallWindowProcA, SetKeyboardState, GetKeyboardState, ToAscii, ScrollDC, DrawIconEx, GetMessageA, GetWindowThreadProcessId, ClipCursor, FlashWindow, ShowScrollBar, CharLowerBuffA, CharLowerA, GetWindowDC, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, VkKeyScanA, GetKeyboardLayout, CopyAcceleratorTableA, MapVirtualKeyA, CallNextHookEx, GetCapture, GetSystemMetrics, SystemParametersInfoA, RedrawWindow, PeekMessageA, DefMDIChildProcA, GetMenuState, IsMenu, RemoveMenu, SetMenuItemInfoA, GetMenuItemInfoA, GetMenuItemID, TrackPopupMenu, GetMenuCheckMarkDimensions, RegisterWindowMessageA, SetWindowsHookExA, LoadAcceleratorsA, DispatchMessageA, TranslateMessage, TranslateMDISysAccel, TranslateAcceleratorA, IsDialogMessageA, GetForegroundWindow, LoadMenuA, PostQuitMessage, DefFrameProcA, RegisterClassExA, UnhookWindowsHookEx, ChildWindowFromPoint, ValidateRect, InvertRect, DefWindowProcA, DrawFrameControl, RegisterClassA, CreateIconIndirect, FindWindowExA, FindWindowA, SetScrollInfo, EqualRect, DdeUnaccessData, WindowFromPoint, ScreenToClient, CreateMenu, SetActiveWindow, GetWindow, GetMenuStringA, GetCursorPos, GetFocus, GetAsyncKeyState, GetWindowLongA, OpenClipboard, IsClipboardFormatAvailable, GetClipboardData, EmptyClipboard, CloseClipboard, SetClipboardData, GetWindowTextLengthA, GetWindowTextA, WinHelpA, LoadStringA, MessageBeep, GetTopWindow, IsZoomed, GetActiveWindow, IsWindow, IsCharAlphaNumericA, GetDesktopWindow, IsIconic, GetDialogBaseUnits, SetDlgItemInt, GetDlgItemInt, GetSystemMenu, CheckMenuItem, LoadCursorA, SetCursor, CreatePopupMenu, DestroyMenu, GetMenu, GetSubMenu, GetMenuItemCount, DeleteMenu, AppendMenuA, DrawMenuBar, FrameRect, FillRect, DestroyIcon, LoadImageA, SetWindowTextA, GetClientRect, GetParent, DrawFocusRect, GetSysColor, CheckDlgButton, IsWindowEnabled, GetKeyState, IsDlgButtonChecked, BeginPaint, EndPaint, SendMessageA, LoadBitmapA, InvalidateRect, UpdateWindow, KillTimer, EndDialog, SetRect, SetFocus, PostMessageA, PtInRect, LoadIconA, DdeFreeDataHandle, DdeNameService, DdeUninitialize, DdeDisconnect, DdeFreeStringHandle, DialogBoxParamA, IsChild, InsertMenuA, ModifyMenuA, GetNextDlgTabItem, EnableMenuItem, ChildWindowFromPointEx, GetScrollPos, GetScrollRange, ClientToScreen, SetScrollPos, EnableWindow, ShowWindow, MoveWindow, SetWindowPos, SetTimer, wsprintfA, SetMenu, CreateWindowExA, SetScrollRange, GetIconInfo, DrawIcon, GetDlgCtrlID, DrawTextA, SetCapture, ReleaseCapture, GetWindowPlacement, SetWindowPlacement, BringWindowToTop, SetForegroundWindow, SendDlgItemMessageA, GetDC, GetDlgItem, GetWindowRect, MapWindowPoints, ReleaseDC, IsWindowVisible, CreateDialogParamA, DestroyWindow, GetClassNameA, CopyRect, SetWindowLongA
> GDI32.dll: CreateCompatibleBitmap, LineTo, MoveToEx, CreatePen, SelectClipRgn, CombineRgn, CreateRectRgn, GetNearestColor, GetDeviceCaps, GetTextExtentPointA, CreateFontIndirectA, GetDIBits, CreateDIBitmap, ExtFloodFill, CreatePatternBrush, Rectangle, RoundRect, StretchBlt, GetStockObject, SetROP2, SetBkMode, EnumFontFamiliesExA, GetTextCharset, PtInRegion, CreatePolygonRgn, Polyline, SetPixel, ExcludeClipRect, CreateBitmap, PatBlt, StretchDIBits, SetWindowOrgEx, GetObjectType, TextOutA, DeleteDC, SetStretchBltMode, SetBrushOrgEx, CreateCompatibleDC, BitBlt, GetObjectA, CreateFontA, CreateSolidBrush, CreateHatchBrush, GetTextMetricsA, SetTextColor, SetBkColor, ExtTextOutA, DeleteObject, SelectObject, Ellipse, GetPixel, SetPixelV
> comdlg32.dll: ChooseFontA, CommDlgExtendedError, GetOpenFileNameA, ChooseColorA
> ADVAPI32.dll: RegEnumKeyA, RegQueryValueExA, RegCreateKeyExA, RegSetValueExA, RegDeleteKeyA, RegOpenKeyA, RegQueryValueA, RegCreateKeyA, RegSetValueA, RegCloseKey, RegOpenKeyExA
> SHELL32.dll: SHGetSpecialFolderLocation, Shell_NotifyIconA, SHBrowseForFolderA, SHFileOperationA, SHGetDesktopFolder, SHGetPathFromIDListA, SHGetMalloc, DragQueryPoint, DragQueryFileA, DragFinish, ExtractIconExA, ExtractIconA, FindExecutableA, ShellExecuteA, DragAcceptFiles
> ole32.dll: ProgIDFromCLSID, CoCreateInstance, CLSIDFromProgID, OleInitialize, OleUninitialize
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -

( 0 exports )

Hoffe habe alles richtig gemacht.

Explorer.exe Verursacht Fehler

Log-Analyse und Auswertung: Explorer.exe Verursacht Fehler