
Log analysis and evaluation: fumoei.exe

Windows 7 | If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

11.01.2009, 20:25   #1
Skyfire2

fumoei.exe

Hello,

I have already checked it with VirusTotal; the logfile and a screenshot are attached. Please help!

VirusTotal.com scan:
a-squared 4.0.0.73 2009.01.11 -
AhnLab-V3 2009.1.10.0 2009.01.11 -
AntiVir 7.9.0.54 2009.01.10 -
Authentium 5.1.0.4 2009.01.10 W32/Heuristic-KPP!Eldorado
Avast 4.8.1281.0 2009.01.11 -
AVG 8.0.0.229 2009.01.10 -
BitDefender 7.2 2009.01.11 -
CAT-QuickHeal 10.00 2009.01.09 -
ClamAV 0.94.1 2009.01.11 -
Comodo 915 2009.01.11 -
DrWeb 4.44.0.09170 2009.01.11 -
eSafe 7.0.17.0 2009.01.11 -
eTrust-Vet 31.6.6301 2009.01.10 -
F-Prot 4.4.4.56 2009.01.11 W32/Heuristic-KPP!Eldorado
Fortinet 3.117.0.0 2009.01.11 -
GData 19 2009.01.11 -
Ikarus T3.1.1.45.0 2009.01.11 -
K7AntiVirus 7.10.584 2009.01.09 Trojan.Win32.Malware.New
Kaspersky 7.0.0.125 2009.01.11 -
McAfee 5492 2009.01.11 -
McAfee+Artemis 5492 2009.01.11 -
Microsoft 1.4205 2009.01.11 -
NOD32 3757 2009.01.11 -
Norman 5.99.02 2009.01.09 -
Panda 9.4.3.3 2009.01.11 -
PCTools 4.4.2.0 2009.01.11 -
Prevx1 V2 2009.01.11 -
Rising 21.11.62.00 2009.01.11 Trojan.Win32.Mnless.zjy
SecureWeb-Gateway 6.7.6 2009.01.11 -
Sophos 4.37.0 2009.01.11 -
Sunbelt 3.2.1831.2 2009.01.09 -
Symantec 10 2009.01.11 -
TheHacker 6.3.1.4.217 2009.01.10 -
TrendMicro 8.700.0.1004 2009.01.09 -
VBA32 3.12.8.10 2009.01.10 -
ViRobot 2009.1.10.1553 2009.01.10 Spyware.Mnless.40960
VirusBuster 4.5.11.0 2009.01.11 -
further information
File size: 40960 bytes
MD5...: 99528ac475755a70f130e4f5b956a395
SHA1..: e9beed2696499e0a31ff55489b4e5f1306742f90
SHA256: 5101e1c1b2f584883ac907adb5d8a69f57505d257c102f8716dfe3938cde424f
SHA512: ede97be6c033e22f3975328ddbc96140cac642024e2000736822bba7f5a3eef36467e7b41954ce65c25cb7ce37dfaa09f518e9db370e6030bc4bba6281e1762e
ssdeep: 384:mpTDzSSVHMC5sCdi9tJzTW7O9ta4SzyCSt8MzCENlU:m1eSVs2gtYfCt86NlU
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (62.7%)
Win32 Executable Generic (14.1%)
Win32 Dynamic Link Library (generic) (12.6%)
Win32 Executable MS Visual FoxPro 7 (3.7%)
Generic Win/DOS Executable (3.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401287
timedatestamp.....: 0x466c128f (Sun Jun 10 15:02:39 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x39a7 0x4000 6.22 a2917cb335e0833a5ccf23c8aa9837ee
.rdata 0x5000 0x90e 0x1000 3.63 e4952c60023d3b8531744242316f93bf
.data 0x6000 0x2a3c 0x3000 0.42 9bcb9d4b2e3ea54c08face85649f2d1f
.rsrc 0x9000 0xc0 0x1000 0.13 940ebea066af615877151972a5e130fe

( 1 imports )
> KERNEL32.dll: CloseHandle, Process32Next, OpenProcess, Process32First, CreateToolhelp32Snapshot, VirtualFreeEx, GetExitCodeThread, WaitForSingleObject, CreateRemoteThread, GetProcAddress, WriteProcessMemory, VirtualAllocEx, GetModuleHandleA, GetModuleFileNameA, lstrcpyA, GetLastError, CreateEventA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, HeapFree, RtlUnwind, WriteFile, GetCPInfo, GetACP, GetOEMCP, HeapAlloc, VirtualAlloc, HeapReAlloc, LoadLibraryA, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW

( 0 exports )
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=99528ac475755a70f130e4f5b956a395
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=99528ac475755a70f130e4f5b956a395


LOGFILE:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:43, on 09.01.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Free Download Manager\FUM\fumoei.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~2\FREEDO~1\fdm.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files (x86)\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files (x86)\Free Download Manager\FUM\fumiebtn.dll
O13 - Gopher Prefix:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET-Zustandsdienst (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files (x86)\Common Files\AVM\de_serv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8011 bytes
Attached image: fumoei.exe-aufzeichnen.jpg

11.01.2009, 21:23   #2
Skyfire2

Great support here, thanks a lot!!


11.01.2009, 21:26   #3
RipmaV

Now calm down and wait; the people who provide support here also have a private life and are not online around the clock. So please be patient until someone takes care of you.

11.01.2009, 21:38   #4
Skyfire2

I know that too, but my thread about the same issue is already 2 days old.... Whatever..

12.01.2009, 13:08   #5
Skyfire2

Yeeeeeeah, more support please, wuhaaaaa

