Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
GVU Trojaner

GVU Trojaner


Plagegeister aller Art und deren Bekämpfung: GVU Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 08.01.2013, 20:19   #3
Nanni-5
 
GVU Trojaner - Standard

GVU Trojaner


Hallo ryder,
zunächst vielen Dank für die schnelle Antwort. Hier meine Lokfile:
Code:
ATTFilter

	
Code: 

 
ATTFilter


  

	
HitmanPro 3.7.0.185
www.hitmanpro.com

   Computer name . . . . : RAINER-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : Rainer-PC\Rainer
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2013-01-07 14:47:43
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 36s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 157

   Objects scanned . . . : 1.400.703
   Files scanned . . . . : 24.257
   Remnants scanned  . . : 427.587 files / 948.859 keys

Potential Unwanted Programs _________________________________________________

   C:\Program Files (x86)\Ask.com\ (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\ (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\BadgeManager.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\common.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\config.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\css\ (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\css\popup.css (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\events.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\ (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\btn-bg.png (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\footer.png (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\header-top-plain.png (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\header-top.png (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\like.png (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\linkedin.png (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\on-off-knob.png (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\on-off.png (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\plus-minus.png (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\plusone.png (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\settings.png (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\tweet.png (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\notificationManager.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\optout.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\reports\ (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\reports\logger.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\reports\view_report.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\rules.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\socialButtons.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\template.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\templates\ (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\templates\all.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\view.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\view_alert.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\view_allowed_sites.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\view_global.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\ (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\autoUpdate.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\background.html (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\bg.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\blank.html (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\common.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\config.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\config.xml (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\content.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\ContentPolicy.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\css\ (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\css\popup-ie.css (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\demo.html (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\demoRestricted.html (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\dntp.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPAddon.dll (AskBar) -> Deleted
      Size . . . . . . . : 470.976 bytes
      Age  . . . . . . . : 99.2 days (2012-09-30 10:20:10)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : FC338B27D65C57330BCF611B87C66ED46881C4DD766FE7B99B8394A757EBC795
      Product  . . . . . : Avira Do Not Track
      Publisher  . . . . : Abine
      Description  . . . : ScriptHost
      Version  . . . . . : 2.2.1.921
      Copyright  . . . . : Abine Inc.  All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0

   C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPButton.dll (AskBar) -> Deleted
      Size . . . . . . . : 245.696 bytes
      Age  . . . . . . . : 99.2 days (2012-09-30 10:20:10)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 2FC13CADD383B20CF47883318AA4CBF6CED368985E4E4616AD55570017F89898
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -9.0

   C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPContentFilter.dll (AskBar) -> Deleted
      Size . . . . . . . : 925.120 bytes
      Age  . . . . . . . : 99.2 days (2012-09-30 10:20:10)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : A2E81FF4D5C5AAD8287A06AC267AD64C2E2E7E7453A4A0A3857F12248FC074C7
      Product  . . . . . : Avira Do Not Track
      Description  . . . : DNTP ContentFilter Module
      Version  . . . . . : 2.2.1.921
      Copyright  . . . . : Abine Inc. Copyright 2012
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -14.0

   C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPService.exe (AskBar) -> Deleted
      Size . . . . . . . : 300.480 bytes
      Age  . . . . . . . : 99.2 days (2012-09-30 10:20:10)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 5432AEF914EA963BF63277837A30B82B59008BCA2B3E79D82A3FDB87C7386BDA
      Product  . . . . . : Avira Do Not Track
      Publisher  . . . . : Abine Inc.
      Description  . . . : Avira Do Not Track Service
      Version  . . . . . : 2.2.1.921
      Copyright  . . . . : Abine Inc.  All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0

   C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPServicePS.dll (AskBar) -> Deleted
      Size . . . . . . . : 51.136 bytes
      Age  . . . . . . . : 99.2 days (2012-09-30 10:20:10)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 79B321A17B6E4508921A90620F315FED39BA03F00D4FA2C848F62B89EAB837F8
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -9.0

   C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPTypes.dll (AskBar) -> Deleted
      Size . . . . . . . : 90.048 bytes
      Age  . . . . . . . : 99.2 days (2012-09-30 10:20:10)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : E1ECF35417E57AD8860CE5E99468F9B3D806F8C171EB6DBD5E06D2D41BE8160A
      Product  . . . . . : Avira Do Not Track
      Publisher  . . . . : Abine Inc.
      Description  . . . : Avira Do Not Track Shared Types
      Version  . . . . . : 2.2.1.921
      Copyright  . . . . : Abine Inc. All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0

   C:\Program Files (x86)\Ask.com\AbineSDK\IE\images\ (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\images\demoRestricted.png (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\json2.min.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\license.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\de\ (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\de\messages.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\en\ (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\en\messages.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\es\ (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\es\messages.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\fr\ (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\fr\messages.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\it\ (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\it\messages.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\nl\ (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\nl\messages.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\pt\ (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\pt\messages.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\popup.html (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\socialButtons.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\view.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\view_alert.js (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\assets\oobe\ (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\assets\oobe\b.png (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\assets\oobe\bl.png (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\assets\oobe\br.png (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\assets\oobe\l.png (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\assets\oobe\pointer.png (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\assets\oobe\r.png (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\assets\oobe\t.png (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\assets\oobe\tl.png (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\assets\oobe\tr.png (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\AviraBrowserSecurity.exe (AskBar) -> Deleted
      Size . . . . . . . : 238.288 bytes
      Age  . . . . . . . : 99.2 days (2012-09-30 10:20:10)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : 065735286539FFFAFDFC6E3EEDED40E02A0F7A785E86C7A72361F880EBA7B40B
      Product  . . . . . : AviraBrowserSecurity
      Publisher  . . . . : APN LLC.
      Description  . . . : AviraBrowserSecurity
      Version  . . . . . : 1.0.0.1
      Copyright  . . . . : (c) APN LLC.  All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0

   C:\Program Files (x86)\Ask.com\AviraCallingIDhelper.dll (AskBar) -> Deleted
      Size . . . . . . . : 146.128 bytes
      Age  . . . . . . . : 99.2 days (2012-09-30 10:20:10)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 1B692AE7D1E5273D15664DA724F3EE363EA5D22755AD897B5268ADF775A62FB5
      Product  . . . . . : AviraHelper
      Publisher  . . . . : APN LLC
      Description  . . . : Avira COM API Helper
      Version  . . . . . : 1.0.0.1
      Copyright  . . . . : (c) APN LLC.  All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0

   C:\Program Files (x86)\Ask.com\CallingIDSDK\ (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDCoreLight.dll (AskBar) -> Deleted
      Size . . . . . . . : 1.591.376 bytes
      Age  . . . . . . . : 99.2 days (2012-09-30 10:20:10)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : CF7CF232205A1A57E6DC0CEEADB1B6F21B4A5F86A39A0A64DF28FC3BF5B5F873
      Product  . . . . . : CallingID
      Publisher  . . . . : CallingID Ltd.
      Version  . . . . . : 2.0.0.246
      Copyright  . . . . : CallingID (c). All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0

   C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDGlobalLight.exe (AskBar) -> Deleted
      Size . . . . . . . : 1.534.032 bytes
      Age  . . . . . . . : 99.2 days (2012-09-30 10:20:10)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 1BB5D054D42DB938342616A582B015D6224AD474F46C1E3273592B8FDFCE48C7
      Product  . . . . . : CallingID
      Publisher  . . . . : CallingID Ltd.
      Version  . . . . . : 2.0.0.246
      Copyright  . . . . : CallingID (c). All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0

   C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDGlobalLightPS.dll (AskBar) -> Deleted
      Size . . . . . . . : 71.760 bytes
      Age  . . . . . . . : 99.2 days (2012-09-30 10:20:10)
      Entropy  . . . . . : 5.5
      SHA-256  . . . . . : 8F8C3C54DBBE18D0E2E7BFA404B4DC0D5C6D2C57AD90B99FA9FF420411E01008
      Product  . . . . . : CallingID
      Publisher  . . . . : CallingID Ltd.
      Version  . . . . . : 2.0.0.246
      Copyright  . . . . : CallingID (c). All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0

   C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDWPADLight.exe (AskBar) -> Deleted
      Size . . . . . . . : 145.488 bytes
      Age  . . . . . . . : 99.2 days (2012-09-30 10:20:10)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : 3CAABBCF93D07409CD3E1269471EAB812DAA70949F111782820C48FBEB0520BE
      Product  . . . . . : CallingID
      Publisher  . . . . : CallingID Ltd.
      Version  . . . . . : 2.0.0.246
      Copyright  . . . . : CallingID (c). All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0

   C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDWPADLightPS.dll (AskBar) -> Deleted
      Size . . . . . . . : 71.760 bytes
      Age  . . . . . . . : 99.2 days (2012-09-30 10:20:10)
      Entropy  . . . . . : 5.4
      SHA-256  . . . . . : 4723E189EB477F2131BB219F1D44E905EE052C096B168327FE0F0E38F4ABFE75
      Product  . . . . . : CallingID
      Publisher  . . . . : CallingID Ltd.
      Version  . . . . . : 2.0.0.246
      Copyright  . . . . : CallingID (c). All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0

   C:\Program Files (x86)\Ask.com\cb_c4f4.ico (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\cobrand.ico (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\config.xml (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\favicon.ico (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\fv_c090.ico (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (AskBar) -> Deleted
      Size . . . . . . . : 1.521.872 bytes
      Age  . . . . . . . : 99.2 days (2012-09-30 10:20:10)
      Entropy  . . . . . : 6.8
      SHA-256  . . . . . : AB66399FDA62556BC57182476134F70A906755724EA46E714E4D7B05185833F0
      Product  . . . . . : Toolbar
      Publisher  . . . . : Ask
      Description  . . . : Avira SearchFree Toolbar
      Version  . . . . . : 5.15.5.26921
      Copyright  . . . . : (c) Ask.  All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -17.0
      Startup
         HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\
         HKU\S-1-5-21-1761086220-915579873-3192690886-1002\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC}
         HKU\S-1-5-21-1761086220-915579873-3192690886-1004\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440}
      References
         HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\
         HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\
         HKLM\SOFTWARE\Wow6432Node\Classes\GenericAskToolbar.ToolbarWnd.1\
         HKLM\SOFTWARE\Wow6432Node\Classes\GenericAskToolbar.ToolbarWnd\
         HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}\
         HKU\S-1-5-21-1761086220-915579873-3192690886-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}\
         HKU\S-1-5-21-1761086220-915579873-3192690886-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}\

   C:\Program Files (x86)\Ask.com\mupcfg.xml (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\precache.exe (AskBar) -> Deleted
      Size . . . . . . . : 70.864 bytes
      Age  . . . . . . . : 99.2 days (2012-09-30 10:20:10)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 2B98509E0352F38B933BA0DED710D81BDBFC9B0D2588227D7E69AE9B9D912A84
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -9.0

   C:\Program Files (x86)\Ask.com\SaUpdate.exe (AskBar) -> Deleted
      Size . . . . . . . : 197.840 bytes
      Age  . . . . . . . : 99.2 days (2012-09-30 10:20:10)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 0372D3949070B33CAEDBFE45536DB7EB08B249AAF222DD00FDD629B860A32A2C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -9.0

   C:\Program Files (x86)\Ask.com\Updater\ (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\Updater\config.xml (AskBar) -> Deleted
   C:\Program Files (x86)\Ask.com\Updater\Updater.exe (AskBar) -> Deleted
      Size . . . . . . . : 1.573.584 bytes
      Age  . . . . . . . : 99.2 days (2012-09-30 10:20:10)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : C77B34E73750B1DC1F495B37A1AFEED1627F5380490CC73AAD0F8E6D252AD613
      Product  . . . . . : Updater
      Publisher  . . . . : Ask
      Description  . . . : Ask Updater
      Version  . . . . . : 1.2.2.26921
      Copyright  . . . . : (c) Ask.  All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Running processes  : 3792
      Fuzzy  . . . . . . : -17.0

   C:\Program Files (x86)\Ask.com\UpdateTask.exe (AskBar) -> Deleted
      Size . . . . . . . : 136.400 bytes
      Age  . . . . . . . : 99.2 days (2012-09-30 10:20:10)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 24376D695E2C12109E25882BC7AE2D97C5B6C2B9801A6AD1F861CFEF10729653
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -13.0

   C:\Users\Anna Lena\AppData\Local\AskToolbar\ (AskBar) -> Deleted
   C:\Users\Anna Lena\AppData\Local\AskToolbar\Downloaded Program Files\ (AskBar) -> Deleted
   C:\Users\Anna Lena\AppData\Local\AskToolbar\Downloaded Program Files\AviraBrowserSecurity.dll (AskBar) -> Deleted
      Size . . . . . . . : 1.084.920 bytes
      Age  . . . . . . . : 102.8 days (2012-09-26 20:20:30)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : CAA5FF447D8D4CAC0718E1F8C36015D8B0515D78707CE23B3C74D275A8D61EAF
      Product  . . . . . : Avira Addon
      Publisher  . . . . : Ask.com
      Description  . . . : Avira Addon
      Version  . . . . . : 3.0.0.1000
      Copyright  . . . . : (c) APN LLC.  All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -7.0

   C:\Users\Anna Lena\AppData\Local\AskToolbar\Downloaded Program Files\avr-4.inf (AskBar) -> Deleted
   C:\Users\Anna Lena\AppData\LocalLow\AskToolbar\ (AskBar) -> Deleted
   C:\Users\Anna Lena\AppData\LocalLow\AskToolbar\APNU\ (AskBar) -> Deleted
   C:\Users\Anna Lena\AppData\LocalLow\AskToolbar\APNU\config.xml (AskBar) -> Deleted
   C:\Users\Anna Lena\AppData\LocalLow\AskToolbar\Avira.install-bubble.config (AskBar) -> Deleted
   C:\Users\Anna Lena\AppData\LocalLow\AskToolbar\Avira.status.config (AskBar) -> Deleted
   C:\Users\Anna Lena\AppData\LocalLow\AskToolbar\avr-4.cab (AskBar) -> Deleted
   C:\Users\Anna Lena\AppData\LocalLow\AskToolbar\cache.dat (AskBar) -> Deleted
   C:\Users\Anna Lena\AppData\LocalLow\AskToolbar\config.xml (AskBar) -> Deleted
   C:\Users\Anna Lena\AppData\LocalLow\AskToolbar\osearch.xml (AskBar) -> Deleted
   C:\Users\Rainer\AppData\Local\AskToolbar\ (AskBar) -> Deleted
   C:\Users\Rainer\AppData\Local\AskToolbar\Downloaded Program Files\ (AskBar) -> Deleted
   C:\Users\Rainer\AppData\Local\AskToolbar\Downloaded Program Files\AviraBrowserSecurity.dll (AskBar) -> Deleted
      Size . . . . . . . : 1.084.920 bytes
      Age  . . . . . . . : 102.8 days (2012-09-26 20:20:30)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : CAA5FF447D8D4CAC0718E1F8C36015D8B0515D78707CE23B3C74D275A8D61EAF
      Product  . . . . . : Avira Addon
      Publisher  . . . . : Ask.com
      Description  . . . : Avira Addon
      Version  . . . . . : 3.0.0.1000
      Copyright  . . . . : (c) APN LLC.  All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -7.0

   C:\Users\Rainer\AppData\Local\AskToolbar\Downloaded Program Files\avr-4.inf (AskBar) -> Deleted
   C:\Users\Rainer\AppData\LocalLow\AskToolbar\ (AskBar) -> Deleted
   C:\Users\Rainer\AppData\LocalLow\AskToolbar\almost.xml (AskBar) -> Deleted
   C:\Users\Rainer\AppData\LocalLow\AskToolbar\APNU\ (AskBar) -> Deleted
   C:\Users\Rainer\AppData\LocalLow\AskToolbar\APNU\config.xml (AskBar) -> Deleted
   C:\Users\Rainer\AppData\LocalLow\AskToolbar\avr-4.cab (AskBar) -> Deleted
   C:\Users\Rainer\AppData\LocalLow\AskToolbar\cache.dat (AskBar) -> Deleted
   C:\Users\Rainer\AppData\LocalLow\AskToolbar\osearch.xml (AskBar) -> Deleted
   C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ (AskBar) -> Deleted
   C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\1031.MST (AskBar) -> Deleted
   HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} (AskBar) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ (AskBar) -> Deleted
   HKU\S-1-5-21-1761086220-915579873-3192690886-1002\Software\Ask.com\ (AskBar) -> Deleted
   HKU\S-1-5-21-1761086220-915579873-3192690886-1002\Software\AskToolbar\ (AskBar) -> Deleted
   HKU\S-1-5-21-1761086220-915579873-3192690886-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar) -> Deleted
   HKU\S-1-5-21-1761086220-915579873-3192690886-1004\Software\AskToolbar\ (AskBar) -> Deleted

Cookies _____________________________________________________________________

   C:\Users\Rainer\AppData\Roaming\Microsoft\Windows\Cookies\88SDTSLV.txt
   C:\Users\Rainer\AppData\Roaming\Microsoft\Windows\Cookies\FAJWYG42.txt
   C:\Users\Rainer\AppData\Roaming\Microsoft\Windows\Cookies\L4PL9SW7.txt
   C:\Users\Rainer\AppData\Roaming\Microsoft\Windows\Cookies\QTKJ0TVS.txt
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.07.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anna Lena :: RAINER-PC [limited]

Protection: Enabled

07.01.2013 18:11:35
mbam-log-2013-01-07 (18-11-35).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 311363
Time elapsed: 14 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
__________________
 

Themen zu GVU Trojaner
admin, ahnung, antivirus, avira, benutzer, bleibe, dateien, dateien gelöscht, erscheint, gelöscht, gen, gestern, gvu-trojaner, hallo zusammen, herstellen, hochfahren, interne, internet, malwarebytes, nichts, stunden, troja, trojaner, win, win7, win7 64, zusammen


« Trojan.JS.Redirector bei Aufruf von Firefox | browser higejackt - finde keinen hinweis »


Zum Thema GVU Trojaner - Hallo ryder, zunächst vielen Dank für die schnelle Antwort. Hier meine Lokfile: Code: Alles auswählen Aufklappen ATTFilter Code: Alles auswählen Aufklappen ATTFilter HitmanPro 3.7.0.185 www.hitmanpro.com Computer name . . . - GVU Trojaner...
Archiv
Du betrachtest: GVU Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132