#1

Access to the Windows Firewall, Defender and Windows Update after uninstalling Avira

Hello,

so far I have not been able to find any pointers towards a solution for my problem using Google search. The system is a Windows 7 Home Premium 32-bit OS. I uninstalled Avira Internet Security and afterwards could not access Defender, the firewall or Windows Update. I uninstalled Avira with Revo Uninstaller (to make sure that all registry entries, autostarts etc. are removed). Defogger did not give me an error message. After I worked through the checklist, I then also lost access to the Internet through the web browser. (My adapter does show me a connection, however.)

DDS log:
```
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.0.0
Run by Minibuster at 15:39:19 on 2012-04-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.1012.559 [GMT 2:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\dllhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://de.ask.com/?l=dis&o=14672
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [TrueCrypt] "c:\program files\truecrypt\TrueCrypt.exe" /q preferences /a logon
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{53FC9E88-02D7-4021-911B-CD2F02BE8F45} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{53FC9E88-02D7-4021-911B-CD2F02BE8F45}\275646F553 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{53FC9E88-02D7-4021-911B-CD2F02BE8F45}\34F4E4E454344594F4E405F494E445 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{53FC9E88-02D7-4021-911B-CD2F02BE8F45}\5416379724F687D2333483643353 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{53FC9E88-02D7-4021-911B-CD2F02BE8F45}\6457E6B6E65647A7775627B6 : DhcpNameServer = 192.168.2.1
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\minibuster\appdata\roaming\mozilla\firefox\profiles\qzdnfs23.default\
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2012-4-11 111160]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-4-11 36000]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-4-11 74640]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2012-4-11 91096]
S2 AntiVirFirewallService;Avira FireWall;"c:\program files\avira\antivir desktop\avfwsvc.exe" --> c:\program files\avira\antivir desktop\avfwsvc.exe [?]
S2 AntiVirMailService;Avira Email Schutz;"c:\program files\avira\antivir desktop\avmailc.exe" --> c:\program files\avira\antivir desktop\avmailc.exe [?]
S2 AntiVirSchedulerService;Avira Planer;"c:\program files\avira\antivir desktop\sched.exe" --> c:\program files\avira\antivir desktop\sched.exe [?]
S2 AntiVirService;Avira Echtzeit Scanner;"c:\program files\avira\antivir desktop\avguard.exe" --> c:\program files\avira\antivir desktop\avguard.exe [?]
S2 AntiVirWebService;Avira Browser Schutz;"c:\program files\avira\antivir desktop\avwebgrd.exe" --> c:\program files\avira\antivir desktop\AVWEBGRD.EXE [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-10 253600]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-4-5 514152]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-3-16 52224]
.
=============== Created Last 30 ================
.
2012-04-11 12:43:31 -------- d-----w- c:\users\minibuster\appdata\roaming\Avira
2012-04-11 12:42:32 91096 ----a-w- c:\windows\system32\drivers\avfwim.sys
2012-04-11 12:42:32 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-11 12:42:32 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-04-11 12:42:32 111160 ----a-w- c:\windows\system32\drivers\avfwot.sys
2012-04-11 12:42:30 -------- d-----w- c:\program files\Avira
2012-04-10 18:15:06 4125344 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-10 17:08:21 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-10 12:53:04 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2012-04-10 08:34:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-10 08:31:08 -------- d-----w- c:\program files\Oracle
2012-04-10 07:44:15 -------- d-----w- c:\users\minibuster\appdata\roaming\Safer Networking
2012-04-10 07:44:03 -------- d-----w- c:\program files\Safer Networking
2012-04-10 07:39:55 -------- d-----w- c:\program files\CCleaner
2012-04-10 06:30:42 -------- d-----w- c:\users\minibuster\appdata\roaming\Panda Security
2012-04-10 06:28:31 -------- d-----w- c:\programdata\Panda Security
2012-04-10 06:28:31 -------- d-----w- c:\program files\Panda Security
2012-04-10 06:27:53 -------- d-----w- C:\temp
2012-04-10 05:53:43 -------- d-----w- c:\program files\DsNET Corp
2012-04-10 05:53:32 -------- d-----w- c:\programdata\Ask
2012-04-05 12:51:07 -------- d-----w- C:\AULOGS
2012-04-05 10:31:28 -------- d-----w- C:\5f7bfa7686a6995a07d35577fbc33d8c
2012-04-05 09:14:55 80488 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-04-05 09:14:55 514152 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2012-04-05 09:12:20 -------- d-----w- c:\users\minibuster\appdata\local\PackageAware
2012-04-05 09:06:51 -------- d-----w- c:\program files\Uniblue
2012-04-05 08:48:03 -------- d-----w- C:\867c20b5f9d799a900b418ff2f3bbc
2012-04-05 06:46:41 -------- d-----w- c:\windows\ehome
2012-04-05 06:46:32 -------- d-----w- c:\program files\Windows Journal
2012-04-05 05:50:48 -------- d-----w- c:\program files\VS Revo Group
2012-04-04 17:37:10 -------- d-----w- C:\ff12d2a06665507c2a5cca8df65ed60b
2012-04-04 17:11:13 128792 ----a-w- c:\windows\system\wucltui.dll
2012-04-04 17:09:36 173536 ----a-w- c:\windows\system\wuweb.dll
2012-04-04 17:07:39 -------- d--h--w- c:\program files\WindowsUpdate
2012-04-04 17:04:30 195352 ----a-w- c:\windows\system\wuaueng1.dll
2012-04-04 11:35:33 -------- d-----w- c:\windows\SoftwareDistributionAlt
2012-04-04 11:03:44 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-04-04 11:03:35 91952 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-04-03 13:36:52 -------- d-----w- c:\users\minibuster\VirtualBox VMs
2012-04-03 12:47:54 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-04-03 12:47:54 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-04-03 12:47:52 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-03-28 10:21:20 -------- d-----w- c:\users\minibuster\appdata\roaming\Foxit Software
2012-03-28 09:49:04 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-03-28 09:46:22 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-03-28 09:45:49 -------- d-----w- C:\Intel
2012-03-28 09:25:54 -------- d-----w- c:\users\minibuster\appdata\roaming\Wireshark
2012-03-28 05:42:46 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4b33ccc1-fd0c-49ba-a5ff-692941b712be}\mpengine.dll
2012-03-27 07:29:08 -------- d-----w- c:\users\minibuster\.thumbnails
2012-03-27 07:25:04 -------- d-----w- c:\users\minibuster\.gimp-2.6
2012-03-26 14:00:55 -------- d-----w- c:\users\minibuster\appdata\local\MetaGeek,_LLC
2012-03-22 08:41:17 -------- d-----w- c:\users\minibuster\appdata\roaming\codeblocks
2012-03-22 06:48:06 -------- d-----r- C:\Sandbox
2012-03-22 06:37:45 -------- d-----w- c:\program files\Wireshark
2012-03-21 04:49:15 -------- d-----w- c:\users\minibuster\appdata\roaming\LibreOffice
2012-03-21 04:40:22 -------- d-----w- c:\windows\ShellNew
2012-03-21 04:38:21 -------- d-----w- c:\program files\LibreOffice 3.5
2012-03-21 02:23:07 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-03-21 02:22:51 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-03-21 00:27:17 -------- d-----w- C:\13c5585bbecb98cbbc7fe861
2012-03-20 20:18:48 -------- d-----w- c:\users\minibuster\appdata\roaming\TuneUp Software
2012-03-20 20:17:48 -------- d-----w- c:\programdata\TuneUp Software
2012-03-20 20:17:42 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-03-20 17:01:11 -------- d-----w- c:\program files\Synaptics
2012-03-20 16:59:53 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-03-20 16:59:49 231856 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-03-20 16:59:49 161064 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-03-20 16:59:49 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2012-03-20 16:59:48 206120 ----a-w- c:\windows\system32\SynCtrl.dll
2012-03-20 16:59:47 173352 ----a-w- c:\windows\system32\SynCOM.dll
2012-03-20 16:32:59 100968 ----a-w- c:\windows\system32\RTNUninst32.dll
2012-03-20 16:18:19 1606368 ----a-w- c:\windows\system32\drivers\athw.sys
2012-03-20 15:54:50 -------- d-----w- c:\programdata\Uniblue
2012-03-20 15:17:00 264704 ----a-w- c:\windows\system32\ssleay32.dll
2012-03-20 15:17:00 264704 ----a-w- c:\windows\system32\libssl32.dll
2012-03-20 15:17:00 1177600 ----a-w- c:\windows\system32\libeay32.dll
2012-03-20 13:38:12 -------- d-----w- c:\users\minibuster\appdata\roaming\mIRC
2012-03-20 13:38:12 -------- d-----w- c:\program files\mIRC
2012-03-20 09:41:43 -------- d-----w- c:\program files\CodeBlocks
2012-03-19 17:59:55 -------- d-----w- c:\users\minibuster\appdata\local\ElevatedDiagnostics
2012-03-19 13:50:38 -------- d-----w- c:\programdata\Trend Micro
2012-03-19 09:33:33 -------- d-----w- c:\program files\VideoLAN
2012-03-19 09:32:31 -------- d-----w- c:\program files\TeamViewer
2012-03-19 09:28:51 -------- d-----w- c:\program files\OpenVPN
2012-03-19 09:23:11 -------- d-----w- c:\program files\GIMP-2.0
2012-03-19 09:22:07 -------- d-----w- c:\program files\Foxit Software
2012-03-18 12:38:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-17 15:27:31 -------- d-----w- c:\programdata\TrueCrypt
2012-03-17 15:22:53 -------- d-----w- c:\users\minibuster\appdata\roaming\TrueCrypt
2012-03-17 13:55:30 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-03-17 13:54:24 -------- d-----w- c:\program files\TrueCrypt
2012-03-17 11:59:47 -------- d-----w- c:\users\minibuster\appdata\roaming\JonDo
2012-03-17 11:38:36 -------- d-----w- c:\programdata\Avira
2012-03-17 11:30:28 -------- d-----w- c:\users\minibuster\.VirtualBox
2012-03-17 10:15:26 -------- d-----w- c:\users\minibuster\appdata\local\Mozilla
2012-03-17 10:11:33 544656 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-16 17:10:11 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-03-16 17:10:10 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-03-16 17:09:20 -------- d-----w- c:\users\minibuster\appdata\local\Diagnostics
2012-03-16 10:45:21 -------- d-sh--w- c:\windows\Installer
2012-03-16 09:30:10 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-16 09:30:10 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-16 08:50:57 -------- d-----w- c:\windows\system32\SPReview
2012-03-16 08:50:26 -------- d-----w- c:\windows\system32\EventProviders
2012-03-16 08:41:59 811520 ----a-w- c:\windows\system32\user32.dll
2012-03-16 08:40:59 98304 ----a-w- c:\windows\system32\fphc.dll
2012-03-16 08:36:04 1699328 ----a-w- c:\windows\system32\esent.dll
2012-03-16 08:36:03 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-03-16 08:36:03 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-03-16 08:36:03 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-03-16 08:36:02 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-03-16 08:36:02 74240 ----a-w- c:\windows\system32\fsutil.exe
2012-03-16 08:36:02 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-03-16 08:36:02 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-03-16 08:36:02 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2012-03-16 08:35:53 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-03-16 08:35:53 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-03-16 08:35:53 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-03-16 08:35:53 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-03-16 08:35:53 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-03-16 08:35:53 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-03-16 08:35:53 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-03-16 07:53:56 1006104 ----a-w- c:\windows\system32\igxpun.exe
2012-03-16 07:53:56 -------- d-----w- c:\windows\system32\x64
2012-03-16 07:07:17 293376 ----a-w- c:\windows\system32\browserchoice.exe
2012-03-16 07:00:15 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-16 07:00:14 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-16 06:59:00 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-03-16 06:58:55 571904 ----a-w- c:\windows\system32\oleaut32.dll
2012-03-16 06:58:55 233472 ----a-w- c:\windows\system32\oleacc.dll
2012-03-16 06:58:50 2048 ----a-w- c:\windows\system32\tzres.dll
2012-03-16 06:56:55 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-16 06:55:59 741376 ----a-w- c:\windows\system32\inetcomm.dll
2012-03-16 06:38:52 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-03-16 06:38:07 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-03-16 06:38:06 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-03-16 06:38:06 107520 ----a-w- c:\windows\system32\cdd.dll
2012-03-16 05:26:00 -------- d-----w- c:\users\minibuster\appdata\local\VirtualStore
2012-03-16 05:22:50 -------- d-----w- c:\windows\system32\wbem\Performance
2012-03-16 05:13:08 -------- d-----w- c:\windows\SD_ALT
2012-03-16 05:05:11 -------- d-----w- c:\windows\Panther
.
==================== Find3M ====================
.
2012-03-16 09:09:58 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
============= FINISH: 15:40:52,63 ===============
```

I hope I can get help quickly. Thanks in advance for your efforts and for this forum.

Regards,
the k1d