Win 7 x64: Setup[1].exe (Win32/Injected.F trojan) in Temporary Internet Files und weitere Funde

Fex80 · 12.03.2014, 14:02

1.a) emsi.zip anbei.
1.b) MBRMastr_2014.03.12_13.52.45.txt

Code:

ATTFilter

Detected Windows version: 6.1 Build 7601 Service Pack 1
Installing direct disk access driver ...
Driver connection handle: 0x00000114
1 valid drive(s) found.

Details for Disk 0 - SAMSUNG HN-M750MBB Rev 2AR1:
  Device name              : \\.\PhysicalDrive0
  Geometry (C/H/S)         : 91201/255/63
  Boot loader reputation   : Unknown
  Cross view comparison    : Passed
  Partition table integrity: Passed

  Boot loader hashes
    SHA-1                  : F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5
    MD5                    : 2E5DEBB2116B3417023E0D6562D7ED07

2. Temp File Cleaner ausgeführt

3. Fixlog.txt

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-03-2014 02
Ran by Bhakti at 2014-03-12 13:58:05 Run:1
Running from C:\Users\Bhakti\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
S2 DatamngrCoordinator2; C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [X]
         
*****************

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => Key deleted successfully.
DatamngrCoordinator2 => Service deleted successfully.

==== End of Fixlog ====

Danke & Grüße!

Fex80

Win 7 x64: Setup[1].exe (Win32/Injected.F trojan) in Temporary Internet Files und weitere Funde

Log-Analyse und Auswertung: Win 7 x64: Setup[1].exe (Win32/Injected.F trojan) in Temporary Internet Files und weitere Funde

Win 7 x64: Setup[1].exe (Win32/Injected.F trojan) in Temporary Internet Files und weitere Funde

Ähnliche Themen: Win 7 x64: Setup[1].exe (Win32/Injected.F trojan) in Temporary Internet Files und weitere Funde