Windows Firewall can no longer be enabled/disabled (Windows 7)
24.05.2012, 22:23 | #1
Hello everyone,

Since yesterday the firewall settings on my laptop can no longer be changed. Error code 0x80070424 is displayed every time. I found a post with the same problem, where it was a rootkit. I have now created the log files as described in the instructions; can you perhaps tell me what I need to do to solve the problem? Here is the DDS.txt file.

DDS logfile:
Code:
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 1.6.0_17
Run by fpuehringer at 22:46:43 on 2012-05-24
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=109989&babsrc=HP_ss&mntrId=6ca28172000000000000001f3bbaba75
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Alles mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: Free YouTube to Mp3 Converter - C:\Users\\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{9CE96408-1C36-4868-A7B3-393ABB041792} : NameServer = 192.168.1.1
TCP: Interfaces\{A87DC884-B46C-407E-BD9D-3B9F93FF7C8D} : DhcpNameServer = 192.168.1.99
TCP: Interfaces\{A87DC884-B46C-407E-BD9D-3B9F93FF7C8D}\14C60756E626C69636B6 : DhcpNameServer = 213.33.99.70 80.120.17.70
TCP: Interfaces\{A87DC884-B46C-407E-BD9D-3B9F93FF7C8D}\16C6F69637 : DhcpNameServer = 172.20.0.1
TCP: Interfaces\{A87DC884-B46C-407E-BD9D-3B9F93FF7C8D}\E4544574541425 : DhcpNameServer = 192.168.1.100
TCP: Interfaces\{A87DC884-B46C-407E-BD9D-3B9F93FF7C8D}\E4544574541425F5548545 : DhcpNameServer = 192.168.1.100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{2EECD738-5844-4a99-B4B6-146BF802613B}
{30F9B915-B755-4826-820B-08FBA6BD249D}
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
{872b5b88-9db5-4310-bdd0-ac189557e5f5}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{95B7759C-8C7F-4BF1-B163-73684A933233}
{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
{872b5b88-9db5-4310-bdd0-ac189557e5f5}
{30F9B915-B755-4826-820B-08FBA6BD249D}
{95B7759C-8C7F-4BF1-B163-73684A933233}
{98889811-442D-49dd-99D7-DC866BE87DBC}
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\t19dad9p.default\
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109989&babsrc=adbartrp&mntrId=6ca28172000000000000001f3bbaba75&q=
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=109989&babsrc=HP_ss&mntrId=6ca28172000000000000001f3bbaba75
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\t19dad9p.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\t19dad9p.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Users\\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 6ca28172000000000000001f3bbaba75
FF - user.js: extensions.BabylonToolbar_i.hardId - 6ca28172000000000000001f3bbaba75
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15417
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:07:17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109989
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-05-24 20:31:03    14336    ----a-w-    C:\Windows\System32\drivers\sffp_sd.sys
2012-05-24 20:31:03    109056   ----a-w-    C:\Windows\System32\drivers\sdbus.sys
2012-05-24 20:24:32    --------    d-----w-    C:\fc8d9a0a67114989befb01d57b
2012-05-24 20:19:57    98816    ----a-w-    C:\Windows\System32\wudriver.dll
2012-05-24 20:19:46    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2012-05-24 20:19:46    185216   ----a-w-    C:\Windows\System32\wuwebv.dll
2012-05-24 20:19:31    2621440  ----a-w-    C:\Windows\System32\wucltux.dll
2012-05-24 17:49:58    --------    d-----w-    C:\Windows\pss
2012-05-24 17:46:21    --------    d-----w-    C:\96a7511aa095f9944b251704a62efc
2012-05-24 17:37:12    --------    d-----w-    C:\1532aa27f7c84e3edf5dc4e49920
2012-05-24 16:45:08    8769696  ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-24 16:25:44    --------    d-----w-    C:\Windows\CheckSur
2012-05-24 16:24:08    419488   ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-24 16:05:42    --------    d-----w-    C:\748600a71bd78e231802c1eb5c
2012-05-23 21:38:45    --------    d-----w-    C:\Users\\AppData\Local\ElevatedDiagnostics
2012-05-23 20:15:53    --------    d-----w-    C:\Program Files (x86)\Microsoft
2012-05-23 20:14:23    --------    d-----w-    C:\Windows\System32\EventProviders
2012-05-23 19:55:34    --------    d-----w-    C:\Users\\AppData\Local\LogMeIn Hamachi
2012-05-23 19:55:14    --------    d-----w-    C:\Program Files (x86)\LogMeIn Hamachi
2012-05-19 15:37:13    --------    d-----w-    C:\Windows\System32\appmgmt
2012-05-13 17:16:10    1541120  ----a-w-    C:\Windows\System32\DWrite.dll
2012-05-13 17:16:09    1074176  ----a-w-    C:\Windows\SysWow64\DWrite.dll
2012-05-13 17:16:08    320512   ----a-w-    C:\Windows\System32\d3d10_1core.dll
2012-05-13 17:16:08    218624   ----a-w-    C:\Windows\SysWow64\d3d10_1core.dll
2012-05-13 17:16:07    902656   ----a-w-    C:\Windows\System32\d2d1.dll
2012-05-13 17:16:07    739840   ----a-w-    C:\Windows\SysWow64\d2d1.dll
2012-05-13 17:16:07    197120   ----a-w-    C:\Windows\System32\d3d10_1.dll
2012-05-13 17:16:07    1837568  ----a-w-    C:\Windows\System32\d3d10warp.dll
2012-05-13 17:16:07    161792   ----a-w-    C:\Windows\SysWow64\d3d10_1.dll
2012-05-13 17:16:07    1170944  ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2012-05-13 17:15:15    5504880  ----a-w-    C:\Windows\System32\ntoskrnl.exe
2012-05-13 17:15:14    3143680  ----a-w-    C:\Windows\System32\win32k.sys
2012-05-13 17:15:13    3958128  ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-13 17:15:13    3902320  ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2012-05-13 17:15:08    75632    ----a-w-    C:\Windows\System32\drivers\partmgr.sys
2012-05-13 17:14:56    1895280  ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2012-05-13 17:14:46    1732096  ----a-w-    C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-13 17:14:45    1367552  ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 17:14:44    936960   ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 17:14:43    1402880  ----a-w-    C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-13 17:14:43    1393664  ----a-w-    C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-01 09:11:35    2557952  ----a-w-    C:\Windows\SysWow64\QtCore4.dll
2012-05-01 09:11:33    405176   ----a-w-    C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
.
==================== Find3M ====================
.
2012-05-24 20:45:43    44544    ----a-w-    C:\Windows\SysWow64\agremove.exe
2012-05-24 20:42:32    17408    ----a-w-    C:\Windows\System32\rpcnetp.exe
2012-05-24 16:45:28    70304    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-19 16:25:01    419840   ----a-w-    C:\Windows\System32\wrap_oal.dll
2012-05-19 16:25:00    133632   ----a-w-    C:\Windows\System32\OpenAL32.dll
2012-05-19 16:24:59    413696   ----a-w-    C:\Windows\SysWow64\wrap_oal.dll
2012-05-19 16:24:59    110592   ----a-w-    C:\Windows\SysWow64\OpenAL32.dll
2012-03-01 06:54:38    22896    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:45:41    220672   ----a-w-    C:\Windows\System32\wintrust.dll
2012-03-01 06:40:14    80896    ----a-w-    C:\Windows\System32\imagehlp.dll
2012-03-01 06:35:16    5120     ----a-w-    C:\Windows\System32\wmi.dll
2012-03-01 05:49:05    172544   ----a-w-    C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:45:05    158720   ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:40:44    5120     ----a-w-    C:\Windows\SysWow64\wmi.dll
2012-02-28 06:35:54    1197568  ----a-w-    C:\Windows\System32\wininet.dll
2012-02-28 06:33:03    57856    ----a-w-    C:\Windows\System32\licmgr10.dll
2012-02-28 05:40:21    981504   ----a-w-    C:\Windows\SysWow64\wininet.dll
2012-02-28 05:38:16    44544    ----a-w-    C:\Windows\SysWow64\licmgr10.dll
2012-02-28 05:17:41    482816   ----a-w-    C:\Windows\System32\html.iec
2012-02-28 04:35:01    1638912  ----a-w-    C:\Windows\System32\mshtml.tlb
2012-02-28 04:31:46    386048   ----a-w-    C:\Windows\SysWow64\html.iec
2012-02-28 03:57:55    1638912  ----a-w-    C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 22:49:16,58 ===============

I hope I did this correctly. Many thanks in advance for your help!!

Last edited by Puehres (24.05.2012 at 22:30)
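An added diagnostic for the symptom in post #1, not code from the thread or its helper: error 0x80070424 is the HRESULT form of Win32 error 1060, ERROR_SERVICE_DOES_NOT_EXIST, which means the firewall control panel asked the Service Control Manager for a service that is not registered at all. The script below, which assumes Windows 7 and an elevated PowerShell session, checks the Windows Firewall service (MpsSvc), the Base Filtering Engine it depends on (BFE) and Security Center (wscsvc, which reports firewall state in Action Center) both in the SCM and in the registry, so a deleted service key is reported as such instead of as an opaque error code.

```powershell
# Added example (not from the thread). Reports, for each service the firewall
# UI relies on, whether its registry key exists, whether the SCM can open it,
# its start type and its ImagePath. Assumes Windows 7, elevated PowerShell.

$services = @(
    @{ Name = 'BFE';    Desc = 'Base Filtering Engine' },
    @{ Name = 'MpsSvc'; Desc = 'Windows Firewall' },
    @{ Name = 'wscsvc'; Desc = 'Security Center' }
)

foreach ($s in $services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($s.Name)"
    $svc = Get-Service -Name $s.Name -ErrorAction SilentlyContinue

    if (-not (Test-Path $key)) {
        # No registry key at all: this is exactly the condition that produces
        # ERROR_SERVICE_DOES_NOT_EXIST. The service has been removed, not
        # merely stopped or disabled.
        "{0,-7} {1,-22} MISSING   service key deleted" -f $s.Name, $s.Desc
        continue
    }

    $props = Get-ItemProperty -Path $key
    if ($null -eq $svc) {
        "{0,-7} {1,-22} MISSING   key present but SCM cannot open the service" -f $s.Name, $s.Desc
        continue
    }

    # Start: 2 = Automatic, 3 = Manual, 4 = Disabled. All three services are
    # hosted by svchost.exe on Windows 7, so an ImagePath pointing anywhere
    # else is the second thing to look at after the start type.
    "{0,-7} {1,-22} {2,-9} Start={3} ImagePath={4}" -f $s.Name, $s.Desc, $svc.Status, $props.Start, $props.ImagePath
}
```

If a key is reported as deleted, the service has to be re-registered from a known-good Windows 7 installation before the firewall UI can work again; the script only diagnoses and changes nothing.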
25.05.2012, 15:29 | #2
/// Malware-holic

hi

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop.

Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT