Cyber attack from my IP address/ JAVA/Exdoer.BB.2 Java virus

Post by jdr 275 » June 16th, 2011, 2:01 pm

Hello,

I have been informed by my internet server that an attack on a foreign PC/system was registered as originating from my IP address. I carried out a scan using Antivir (see attached log) and received a notification that the scanner had detected the following:
Contains recognition pattern of the JAVA/Exdoer.BB.2 Java virus
--> rilop/boji.class

I had another virus detected on this PC in Jan 2011, the case was worked on by ASKEY127.
The PC was then clean and since then Antivir has been running with regular updates. In addition I have Winpatrol running parallel.

Cheers

Antivir log:

Avira AntiVir Personal
Report file date: Donnerstag, 16. Juni 2011 17:49

Scanning for 2782749 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : XP-7B8DE3E8A570

Version information:
BUILD.DAT : 10.0.0.648 31823 Bytes 01.04.2011 18:36:00
AVSCAN.EXE : 10.0.4.2 442024 Bytes 28.04.2011 13:34:59
AVSCAN.DLL : 10.0.3.0 46440 Bytes 01.04.2010 11:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 13.12.2010 07:40:06
LUKERES.DLL : 10.0.0.1 12648 Bytes 10.02.2010 22:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 17:37:49
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 17:19:55
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 13:40:23
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 13:08:29
VBASE005.VDF : 7.11.8.179 2048 Bytes 31.05.2011 13:08:29
VBASE006.VDF : 7.11.8.180 2048 Bytes 31.05.2011 13:08:29
VBASE007.VDF : 7.11.8.181 2048 Bytes 31.05.2011 13:08:29
VBASE008.VDF : 7.11.8.182 2048 Bytes 31.05.2011 13:08:29
VBASE009.VDF : 7.11.8.183 2048 Bytes 31.05.2011 13:08:29
VBASE010.VDF : 7.11.8.184 2048 Bytes 31.05.2011 13:08:29
VBASE011.VDF : 7.11.8.185 2048 Bytes 31.05.2011 13:08:30
VBASE012.VDF : 7.11.8.186 2048 Bytes 31.05.2011 13:08:30
VBASE013.VDF : 7.11.8.222 121856 Bytes 02.06.2011 18:47:28
VBASE014.VDF : 7.11.9.7 134656 Bytes 04.06.2011 10:08:17
VBASE015.VDF : 7.11.9.42 136192 Bytes 06.06.2011 15:52:02
VBASE016.VDF : 7.11.9.72 117248 Bytes 07.06.2011 15:52:03
VBASE017.VDF : 7.11.9.107 130560 Bytes 09.06.2011 16:26:35
VBASE018.VDF : 7.11.9.143 132096 Bytes 10.06.2011 16:26:35
VBASE019.VDF : 7.11.9.172 141824 Bytes 14.06.2011 13:00:34
VBASE020.VDF : 7.11.9.214 144896 Bytes 15.06.2011 13:00:36
VBASE021.VDF : 7.11.9.215 2048 Bytes 15.06.2011 13:00:36
VBASE022.VDF : 7.11.9.216 2048 Bytes 15.06.2011 13:00:36
VBASE023.VDF : 7.11.9.217 2048 Bytes 15.06.2011 13:00:36
VBASE024.VDF : 7.11.9.218 2048 Bytes 15.06.2011 13:00:36
VBASE025.VDF : 7.11.9.219 2048 Bytes 15.06.2011 13:00:36
VBASE026.VDF : 7.11.9.220 2048 Bytes 15.06.2011 13:00:36
VBASE027.VDF : 7.11.9.221 2048 Bytes 15.06.2011 13:00:36
VBASE028.VDF : 7.11.9.222 2048 Bytes 15.06.2011 13:00:36
VBASE029.VDF : 7.11.9.223 2048 Bytes 15.06.2011 13:00:37
VBASE030.VDF : 7.11.9.224 2048 Bytes 15.06.2011 13:00:37
VBASE031.VDF : 7.11.9.236 142848 Bytes 16.06.2011 13:00:39
Engineversion : 8.2.5.20
AEVDF.DLL : 8.1.2.1 106868 Bytes 13.12.2010 07:39:51
AESCRIPT.DLL : 8.1.3.65 1606010 Bytes 28.05.2011 09:26:01
AESCN.DLL : 8.1.7.2 127349 Bytes 13.12.2010 07:39:50
AESBX.DLL : 8.2.1.34 323957 Bytes 02.06.2011 18:48:34
AERDL.DLL : 8.1.9.9 639347 Bytes 27.03.2011 13:02:46
AEPACK.DLL : 8.2.6.9 557429 Bytes 16.06.2011 13:00:54
AEOFFICE.DLL : 8.1.1.25 205178 Bytes 02.06.2011 18:48:31
AEHEUR.DLL : 8.1.2.128 3547512 Bytes 16.06.2011 13:00:52
AEHELP.DLL : 8.1.17.2 246135 Bytes 24.05.2011 13:52:34
AEGEN.DLL : 8.1.5.6 401780 Bytes 24.05.2011 13:52:34
AEEMU.DLL : 8.1.3.0 393589 Bytes 13.12.2010 07:39:42
AECORE.DLL : 8.1.21.1 196983 Bytes 26.05.2011 13:25:04
AEBB.DLL : 8.1.1.0 53618 Bytes 13.12.2010 07:39:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 13.12.2010 07:39:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 13.12.2010 07:39:54
AVREP.DLL : 10.0.0.10 174120 Bytes 17.05.2011 13:21:18
AVREG.DLL : 10.0.3.2 53096 Bytes 13.12.2010 07:39:54
AVSCPLR.DLL : 10.0.4.2 84840 Bytes 28.04.2011 13:34:59
AVARKT.DLL : 10.0.22.6 231784 Bytes 13.12.2010 07:39:52
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 13.12.2010 07:39:53
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 13:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 13.12.2010 07:39:56
NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 13:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 13.12.2010 07:40:20

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\programme\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, F:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Donnerstag, 16. Juni 2011 17:49

Starting search for hidden objects.
HKEY_USERS\S-1-5-21-789336058-299502267-839522115-1011\Software\Microsoft\Internet Explorer\Recovery\Active\{78b1a4bb-9830-11e0-963c-00d05c216404}
[NOTE] The registry entry is invisible.
%USERPROFILE%\Lokale Einstellungen\Verlauf\History.IE5\MSHist012011061620110617
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Verlauf\History.IE5\MSHist012011061620110617
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-789336058-299502267-839522115-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011061620110617\cacheprefix
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-789336058-299502267-839522115-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011061620110617\cachelimit
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-789336058-299502267-839522115-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011061620110617\cacheoptions
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-789336058-299502267-839522115-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011061620110617\cacherepair
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\mpDRM\LicenseStore\checkvalue
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\mpDRM\LicenseStore\129d6da1
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'rsmsink.exe' - '30' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '29' Module(s) have been scanned
Scan process 'msdtc.exe' - '41' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'dllhost.exe' - '46' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '68' Module(s) have been scanned
Scan process 'avcenter.exe' - '64' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '50' Module(s) have been scanned
Scan process 'alg.exe' - '34' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'SMAgent.exe' - '14' Module(s) have been scanned
Scan process 'avshadow.exe' - '25' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '17' Module(s) have been scanned
Scan process 'ONENOTEM.EXE' - '20' Module(s) have been scanned
Scan process 'Dropbox.exe' - '54' Module(s) have been scanned
Scan process 'WindowsSearch.exe' - '70' Module(s) have been scanned
Scan process 'ctfmon.exe' - '26' Module(s) have been scanned
Scan process 'jusched.exe' - '20' Module(s) have been scanned
Scan process 'winpatrol.exe' - '37' Module(s) have been scanned
Scan process 'avgnt.exe' - '52' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '34' Module(s) have been scanned
Scan process 'NBService.exe' - '38' Module(s) have been scanned
Scan process 'MZCCntrl.exe' - '6' Module(s) have been scanned
Scan process 'jqs.exe' - '93' Module(s) have been scanned
Scan process 'avguard.exe' - '54' Module(s) have been scanned
Scan process 'Explorer.EXE' - '112' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '13' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'sched.exe' - '46' Module(s) have been scanned
Scan process 'spoolsv.exe' - '61' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '169' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '12' Module(s) have been scanned
Scan process 'lsass.exe' - '59' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '74' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '2360' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Dokumente und Einstellungen\Papa\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\62\560440fe-3f84ed58
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.BB.2 Java virus
--> olig/aret.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.BB.2 Java virus
--> rilop/boji.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.BE.2 Java virus
Begin scan in 'F:\'

Beginning disinfection:
C:\Dokumente und Einstellungen\Papa\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\62\560440fe-3f84ed58
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.BE.2 Java virus
[NOTE] The file was moved to the quarantine directory under the name '44a39a87.qua'.


End of the scan: Donnerstag, 16. Juni 2011 19:30
Used time: 1:06:09 Hour(s)

The scan has been done completely.

12021 Scanned directories
309171 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
309169 Files not concerned
4245 Archives were scanned
0 Warnings
10 Notes
486192 Objects were scanned with rootkit scan
9 Hidden objects were found

DDS log:

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Papa at 19:39:52 on 2011-06-16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1023.477 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\BillP Studios\WinPatrol\winpatrol.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Desktop Search\WindowsSearch.exe
C:\Dokumente und Einstellungen\Papa\Anwendungsdaten\Dropbox\bin\Dropbox.exe
C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/webhp?rls=ig
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Download Manager Browser Helper Object: {19c8e43b-07b3-49cb-bffc-6777b593e6f8} -
TB: {76222034-5CFA-4A43-AADE-1E5DACB71469} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {981FE6A8-260C-4930-960F-C3BC82746CB0} - No File
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\programme\ati technologies\ati control panel\atiptaxx.exe
mRun: [QuickTime Task] "c:\programme\quicktime\QTTask.exe" -atboottime
mRun: [avgnt] "c:\programme\avira\antivir desktop\avgnt.exe" /min
mRun: [WinPatrol] c:\programme\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\programme\gemeinsame dateien\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\dokume~1\papa\startm~1\progra~1\autost~1\dropbox.lnk - c:\dokumente und einstellungen\papa\anwendungsdaten\dropbox\bin\Dropbox.exe
StartupFolder: c:\dokume~1\papa\startm~1\progra~1\autost~1\onenot~1.lnk - c:\programme\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\window~1.lnk - c:\programme\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\programme\icqlite\ICQLite.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/Shar ... vSniff.cab
DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} - hxxp://www.pixaco.de/static/download/pi ... upload.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/17.17/uploader2.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/Fac ... oader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/Fac ... loader.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/Shar ... /cabsa.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://icq.oberon-media.com/Gameshell/G ... meHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7CAEFA61-3C40-4EDD-A5BC-DDBC32F9FF24} : DhcpNameServer = 192.168.2.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\programme\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\dokumente und einstellungen\papa\anwendungsdaten\mozilla\firefox\profiles\36q4p1xj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\dokumente und einstellungen\papa\anwendungsdaten\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\programme\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\programme\gemeinsame dateien\fluxdvd\apix\NPAPIX.dll
FF - plugin: c:\programme\gemeinsame dateien\fluxdvd\browserintegration\NPFluxBrowserHelper.dll
FF - plugin: c:\programme\gemeinsame dateien\mpdrm\NPMPDRM.dll
FF - plugin: c:\programme\google\picasa3\npPicasa3.dll
FF - plugin: c:\programme\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programme\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\programme\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programme\real\realarcade\plugins\mozilla\npracplug.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2007-10-24 15172]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2005-9-9 77312]
R1 avgio;avgio;c:\programme\avira\antivir desktop\avgio.sys [2011-1-10 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programme\avira\antivir desktop\sched.exe [2011-1-10 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\programme\avira\antivir desktop\avguard.exe [2011-1-10 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-10 61960]
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\programme\gemeinsame dateien\marmiko shared\MZCCntrl.exe [2007-3-11 61440]
R3 TSMPacket;DSL-Manager Service;c:\windows\system32\drivers\tsmpkt.sys [2008-1-12 13824]
R3 TTDVBLCD;TechnoTrend DVB PCI budget Driver;c:\windows\system32\drivers\ttdvblcd.sys [2007-3-13 65952]
S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\system32\drivers\DslTestSp5.sys [2008-4-6 26816]
S3 HotSpotFSvc;Hotspot Manager;"c:\programme\gemeinsame dateien\t-com\hotspotmgr\hotspotfsvc.exe" --> c:\programme\gemeinsame dateien\t-com\hotspotmgr\HotSpotFSvc.exe [?]
S3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\gemein~1\marmik~1\MACNDIS5.SYS [2007-3-11 17280]
S3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\gemein~1\marmik~1\minfrais\MIINPazX.SYS [2007-7-1 17152]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 TDslMgrService;DSL-Manager;c:\programme\dsl-manager\DslMgrSvc.exe [2008-4-6 307200]
S3 ulisa;Telekom ISDN-Adapter (USB);c:\windows\system32\drivers\ulisa.sys --> c:\windows\system32\drivers\ulisa.sys [?]
.
=============== Created Last 30 ================
.
2011-06-16 13:18:13 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-06 10:55:30 183696 ----a-w- c:\programme\mozilla firefox\plugins\nppdf32.dll
2011-06-06 10:55:30 183696 ----a-w- c:\programme\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:05:35 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:05:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:05:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 19:40:46,57 ===============

Attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 09.09.2005 20:13:05
System Uptime: 16.06.2011 17:41:00 (2 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K8V-X
Processor: AMD Athlon(tm) 64 Processor 3000+ | Socket 754 | 2002/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 153 GiB total, 90,673 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (FAT32) - 31 GiB total, 26,573 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6500c
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6500c
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP543: 24.03.2011 18:00:32 - Software Distribution Service 3.0
RP544: 03.04.2011 14:00:28 - Systemprüfpunkt
RP545: 14.04.2011 18:00:41 - Software Distribution Service 3.0
RP546: 16.04.2011 16:03:26 - Systemprüfpunkt
RP547: 17.04.2011 16:55:29 - Systemprüfpunkt
RP548: 20.04.2011 18:13:24 - Systemprüfpunkt
RP549: 21.04.2011 18:31:32 - Systemprüfpunkt
RP550: 24.04.2011 17:08:40 - Systemprüfpunkt
RP551: 28.04.2011 17:06:59 - Systemprüfpunkt
RP552: 28.04.2011 18:00:16 - Software Distribution Service 3.0
RP553: 30.04.2011 19:47:05 - Systemprüfpunkt
RP554: 02.05.2011 16:34:07 - Systemprüfpunkt
RP555: 05.05.2011 17:02:23 - Systemprüfpunkt
RP556: 10.05.2011 17:11:42 - Systemprüfpunkt
RP557: 12.05.2011 16:16:40 - Software Distribution Service 3.0
RP558: 13.05.2011 17:15:00 - Systemprüfpunkt
RP559: 15.05.2011 12:34:38 - Systemprüfpunkt
RP560: 16.05.2011 13:20:05 - Systemprüfpunkt
RP561: 17.05.2011 16:29:31 - Systemprüfpunkt
RP562: 19.05.2011 16:51:43 - Systemprüfpunkt
RP563: 26.05.2011 16:58:03 - Systemprüfpunkt
RP564: 28.05.2011 12:23:12 - Systemprüfpunkt
RP565: 31.05.2011 16:46:01 - Systemprüfpunkt
RP566: 05.06.2011 13:34:47 - Systemprüfpunkt
RP567: 06.06.2011 16:14:33 - Systemprüfpunkt
RP568: 12.06.2011 20:31:34 - Systemprüfpunkt
RP569: 16.06.2011 16:25:21 - Systemprüfpunkt
RP570: 16.06.2011 17:24:24 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
7digital Download Manager
AC3File (remove only)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0) - Deutsch
AnyDVD
Apple Application Support
Apple Software Update
ATI - Dienstprogramm zur Deinstallation der Software
ATI Control Panel
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
BufferChm
CCleaner
Command & Conquer Alarmstufe Rot 2
Command && Conquer Alarmstufe Rot 2 - Yuris Rache
Command &&& Conquer Red Alert 2 - Yuri's Revenge - Purple Alert
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Panorama1Config
CueTour
CustomerResearchQFolder
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
Dropbox
DSL-Manager
DVD Shrink 3.2
eSupportQFolder
Facebook Plug-In
Flickr Uploadr 3.0.5
FullDPAppQFolder
Google Earth
Google Toolbar for Firefox
Hotfix für Windows Internet Explorer 7 (KB947864)
Hotfix für Windows Media Player 11 (KB939683)
Hotfix für Windows XP (KB2443685)
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB961118)
Hotfix für Windows XP (KB970653-v3)
Hotfix für Windows XP (KB976098-v2)
Hotfix für Windows XP (KB979306)
Hotfix für Windows XP (KB981793)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
HP Deskjet 5900 series
HP Extended Capabilities 5.0
HP Image Zone 5.0
HP Imaging Device Functions 5.0
HP Software Update
HP Solution Center & Imaging Support Tools 5.0
HP Update
HPDeskjet5900Series
HPProductAssistant
Image Resizer Powertoy for Windows XP
IMAPSize 0.3.7
InstantShareDevices
InterVideo FilterSDK for Techno Trend
Iomega Product Registration
iTunes
Java Auto Updater
Java(TM) 6 Update 24
JourneySoftwarePromo
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (German) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Software Update for Web Folders (German) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft XML Parser
Mozilla Firefox 4.0.1 (x86 de)
Mozilla Thunderbird (3.1.2)
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
Nero BurnRights
neroxml
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
PhotoGallery
Picasa 3
Playlist tool
PowerDVD
QuickTime
RandMap
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Sicherheitsupdate für Windows Internet Explorer 7 (KB928090)
Sicherheitsupdate für Windows Internet Explorer 7 (KB929969)
Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)
Sicherheitsupdate für Windows Internet Explorer 7 (KB933566)
Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)
Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SkinsHP1
SolutionCenter
Sonic_PrimoSDK
SoundMAX
Status
T-Online 6.0
T-Online WLAN-Access Finder
TheSkyX First Light Edition
TrayApp
Uninstall 1.0.0.1
Unload
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
USB Flatbed Scanner
VCRedistSetup
VIA Integrated Setup Wizard
Videoload Manager 1.0.1095
WebFldrs XP
WebReg
Important Update for Windows Media Player 11 (KB959772)
WinAce Archiver
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Desktop Search 3.01
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Mail
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinPatrol
WinTV NOVA
.
==== End Of File ===========================
jdr 275
Regular Member
 
Posts: 20
Joined: January 5th, 2011, 7:29 am

Re: Cyber attack from my IP address/ JAVA/Exdoer.BB.2 Java v

Unread postby melboy » June 18th, 2011, 11:02 am

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


==============================================================


Gmer

Download GMER Rootkit Scanner from here.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

-- If GMER crashes or results in a BSoD, please inform me --

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Note: Do not run any programs while Gmer is running.



TFC

  • Please download TFC by Old Timer to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



Malwarebytes' Anti-Malware (MBAM)

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.


    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.




In your next reply:
  1. MBAM log
  2. GMER log
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Cyber attack from my IP address/ JAVA/Exdoer.BB.2 Java v

Unread postby jdr 275 » June 19th, 2011, 9:12 am

:bounce:

Hi Melboy,

Thanks for the quick response. I carried out all your instructions. Everything ran through without any problems.
MBAM and GMER Log below.


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-19 14:33:17
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Maxtor_6L160P0 rev.BAH41E00
Running: c4c7q235.exe; Driver: C:\DOKUME~1\Papa\LOKALE~1\Temp\afacqaoc.sys


---- System - GMER 1.0.15 ----

SSDT F7C13276 ZwCreateKey
SSDT F7C1326C ZwCreateThread
SSDT F7C1327B ZwDeleteKey
SSDT F7C13285 ZwDeleteValueKey
SSDT F7C1328A ZwLoadKey
SSDT F7C13258 ZwOpenProcess
SSDT F7C1325D ZwOpenThread
SSDT F7C13294 ZwReplaceKey
SSDT F7C1328F ZwRestoreKey
SSDT F7C13280 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\PzWDM.sys entry point in "init" section [0xF79E430E]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[408] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00F51B19 C:\WINDOWS\system32\mssrch.dll (mssrch.lib/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\MSS12441.log 131072 bytes

---- EOF - GMER 1.0.15 ----


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6894

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19.06.2011 14:59:16
mbam-log-2011-06-19 (14-59-16).txt

Scan type: Quick scan
Objects scanned: 202864
Time elapsed: 7 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\dokumente und einstellungen\Papa\anwendungsdaten\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\all users\startmenü\online spyware test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\all users\startmenü\run virus scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\WINDOWS\f49f4daa.dat (Worm.Koobface) -> Quarantined and deleted successfully.
c:\WINDOWS\fmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.

:cheers:
jdr 275
Regular Member
 
Posts: 20
Joined: January 5th, 2011, 7:29 am
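As an added example, not code from any post in this thread or from Malwarebytes itself: the Python below parses the detection lines of an MBAM 1.5x log like the one just posted, counts detections per family, lists any item whose action is not a completed quarantine, and cross-checks the number of file detections against the summary count. The "path (family) -> action" lines are not localised by MBAM, so the German log parses as pasted; the two summary labels it accepts (the German one as posted and its English equivalent) and the extra "Delete on reboot." line in the sample are assumptions and constructed data.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple

# One detection line in a Malwarebytes' Anti-Malware 1.5x log:
#   <path> (<detection name>) -> <action taken>
# MBAM does not localise these lines, so the German log above parses unchanged.
_DETECTION = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Summary label for the infected-file count. Assumption: the German string as
# posted in this thread and the English UI string are the only two handled.
_FILE_COUNT_LABELS = ("Infizierte Dateien", "Files Infected")

# Actions that mean the item is already gone. Anything else (for example a
# "Delete on reboot." that has not happened yet) needs follow-up.
_RESOLVED_ACTIONS = {"Quarantined and deleted successfully"}


class Detection(NamedTuple):
    path: str
    family: str
    action: str


def parse_detections(log_text: str) -> List[Detection]:
    """Return every 'path (family) -> action' line in the log as a Detection."""
    found: List[Detection] = []
    for line in log_text.splitlines():
        m = _DETECTION.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["family"], m["action"]))
    return found


def reported_file_count(log_text: str) -> int:
    """Read the 'Files Infected: N' summary line; -1 if no such line is present."""
    for line in log_text.splitlines():
        for label in _FILE_COUNT_LABELS:
            m = re.match(rf"^{re.escape(label)}:\s*(\d+)$", line.strip())
            if m:
                return int(m.group(1))
    return -1


def triage(log_text: str) -> Dict[str, object]:
    """Summarise detections per family, list pending items, and cross-check the count."""
    detections = parse_detections(log_text)
    pending = [d for d in detections if d.action not in _RESOLVED_ACTIONS]
    return {
        "families": dict(Counter(d.family for d in detections)),
        "pending": pending,
        # False means lines were lost from the paste or the parser missed a format.
        "count_matches_summary": reported_file_count(log_text) == len(detections),
    }


# Constructed sample: the summary line and the first five detection lines follow
# the log posted above; the final "Delete on reboot." entry is added to show a
# pending action, and the count is raised to 6 to match.
SAMPLE_LOG = r"""
Infizierte Dateien: 6

Infizierte Dateien:
c:\dokumente und einstellungen\Papa\anwendungsdaten\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\all users\startmenü\online spyware test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\all users\startmenü\run virus scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\WINDOWS\f49f4daa.dat (Worm.Koobface) -> Quarantined and deleted successfully.
c:\WINDOWS\fmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\example.dat (Trojan.Agent) -> Delete on reboot.
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for family, count in sorted(report["families"].items()):
        print(f"{count}x {family}")
    for item in report["pending"]:
        print(f"FOLLOW UP: {item.path} ({item.action})")
    print("summary count matches:", report["count_matches_summary"])
```

A helper reading the log needs exactly these three things: which families turned up, whether anything still needs a reboot or manual removal before the next scan, and whether the paste is complete. Running the block prints that summary for the sample.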

Re: Cyber attack from my IP address/ JAVA/Exdoer.BB.2 Java v

Unread postby melboy » June 19th, 2011, 10:14 am

Hi

The malware detected by Avira is a detection for a malicious Java class that exploits the vulnerability described in CVE-2010-0840.
A successful exploitation could have led to remote code execution and the subsequent download & installation of malware.
I believe you were not vulnerable to this exploit attempt due to the version of Java you have installed. It does however outline the importance of keeping Java updated.


Update Java Runtime

You are using an old version of Java. Oracle's Java (formerly Sun Java) is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older, more vulnerable versions from your system. The most current version of Oracle Java is: Java Runtime Environment Version 6 Update 26.

  • Go to Oracle Java
  • Scroll down to where it says "Java Platform, Standard Edition. Java SE 6 Update 26"
  • Click the Download JRE button to the right.
  • Check the box to Accept License Agreement
  • In the list of files, Look to Windows x86 Offline & click on the link to the right which says "jre-6u26-windows-i586.exe" and save the downloaded file to your desktop.
  • Uninstall all old versions of Java via Start > Control Panel > Add/Remove Programs:
    Java(TM) 6 Update 24
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer



TFC

You should still have this on your desktop.

  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed anti-virus; how to do so can be read here.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on the button to continue.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on the button to start the scan.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on the button to finish (selecting Uninstall application on close if you so wish)
  • Re-enable your anti-virus software.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
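As an added example, not code from melboy's post or from Oracle: the Python below applies the "remove the older versions" check above to an Add/Remove Programs list like the one posted earlier in this thread. It extracts every Java runtime entry, compares it with the current release named in the post (6 Update 26), and reports which entries to uninstall and whether the current release is already present. The display-name formats it recognises, and every sample inventory line other than the "Java(TM) 6 Update 24" entry from this thread, are assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# Current JRE release named in the post above: Java SE 6 Update 26.
CURRENT_JAVA = (6, 26)

# Add/Remove Programs display names used by Sun/Oracle JRE installers.
# Assumption: only these common forms are covered, e.g.
#   "Java(TM) 6 Update 24"                        (the entry in this thread)
#   "Java(TM) SE Runtime Environment 6 Update 1"
#   "J2SE Runtime Environment 5.0 Update 6"
_JAVA6_PLUS = re.compile(
    r"^Java\(TM\)\s+(?:SE\s+Runtime\s+Environment\s+)?(\d+)(?:\s+Update\s+(\d+))?$"
)
_J2SE = re.compile(r"^J2SE Runtime Environment (\d+)\.\d+(?:\s+Update\s+(\d+))?$")


def parse_java_entry(name: str) -> Optional[Tuple[int, int]]:
    """Return (major, update) for a JRE inventory entry, or None if it is not one."""
    name = name.strip()
    for pattern in (_JAVA6_PLUS, _J2SE):
        m = pattern.match(name)
        if m:
            major = int(m.group(1))
            update = int(m.group(2)) if m.group(2) else 0
            return (major, update)
    return None


def audit_inventory(lines: List[str]) -> Dict[str, object]:
    """Classify every Java runtime found in an installed-programs list.

    'outdated' lists entries older than CURRENT_JAVA (candidates for uninstall),
    'current_present' says whether the current release is already installed, and
    'multiple_versions' flags side-by-side installs, each of which is a separate
    copy of the browser plug-in that exploits like the one Avira flagged target.
    """
    installed: List[Tuple[str, Tuple[int, int]]] = []
    for line in lines:
        version = parse_java_entry(line)
        if version is not None:
            installed.append((line.strip(), version))
    # Tuple comparison orders (major, update) the way release numbering does.
    outdated = [name for name, ver in installed if ver < CURRENT_JAVA]
    return {
        "installed": installed,
        "outdated": outdated,
        "current_present": any(ver == CURRENT_JAVA for _, ver in installed),
        "multiple_versions": len(installed) > 1,
    }


# Constructed sample in the format of the inventory posted above.
# "Java(TM) 6 Update 24" is the entry from this thread; the J2SE line is added
# to show a leftover older runtime sitting beside it.
SAMPLE_INVENTORY = [
    "J2SE Runtime Environment 5.0 Update 6",
    "Java(TM) 6 Update 24",
    "Windows XP Service Pack 3",
    "WinPatrol",
]

if __name__ == "__main__":
    result = audit_inventory(SAMPLE_INVENTORY)
    for name in result["outdated"]:
        print(f"UNINSTALL: {name}")
    if not result["current_present"]:
        print(f"INSTALL: Java SE {CURRENT_JAVA[0]} Update {CURRENT_JAVA[1]}")
```

The audit flags every runtime below the current release rather than only the newest one, because a patched current install alone does not remove the older copies; uninstalling them is part of the update, not optional cleanup.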

Re: Cyber attack from my IP address/ JAVA/Exdoer.BB.2 Java v

Unread postby jdr 275 » June 19th, 2011, 1:10 pm

Hi Melboy.

Thanks. I have updated Java and conducted the online scan. See log below.
My son has a PC which is also connected to my network. What are the chances that his PC has also been infected?
Can we continue in this open topic with his PC, or should I post a new topic? :D


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=5f36709815a21f42885c77758b4268f1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-19 05:00:26
# local_time=2011-06-19 07:00:26 (+0100, Western European Summer Time)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 66036393 66036393 0 0
# compatibility_mode=768 16777215 100 0 168647983 168647983 0 0
# compatibility_mode=1797 16775141 100 93 258856 45034291 10193 0
# compatibility_mode=8192 67108863 100 0 342 342 0 0
# scanned=68912
# found=0
# cleaned=0
# scan_time=5103
jdr 275
Regular Member
 
Posts: 20
Joined: January 5th, 2011, 7:29 am

Re: Cyber attack from my IP address/ JAVA/Exdoer.BB.2 Java v

Unread postby melboy » June 19th, 2011, 1:52 pm

jdr 275 wrote:My son has a PC which is also connected to my network. What are the chances that his PC has also been infected. Can we continue in this open topic, with his PC or should I post a new topic.


It may be his PC that is the computer responsible with regards to the message from your ISP, as I'm not seeing any signs of an active infection on this PC that would be at the root of the problem.

Do bear in mind that in your previous topic you had a Backdoor infection. In the case of Backdoor infections it is sometimes best that the HDD is re-formatted and the OS re-installed. That way, you can be sure that any infections that may go "under the radar" are definitely removed.

I think it best that we finish this topic and you start a fresh topic with your son's computer. As always please read the forum policies before starting the topic.

viewtopic.php?f=11&t=47959




Your log now appears to be clean.
This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


OTC by OldTimer

Download OTC by Old Timer and save it to your Desktop.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself


=======================================================================


General Security and Computer Health

Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

Clear Infected System Restore Points

  • Turn System Restore off
  • On the Desktop, right click on the My Computer icon.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
    Restart your computer
    -
  • Turn System Restore on
  • On the Desktop, right click on the My Computer icon.
  • Click Properties.
  • Click the System Restore tab.
  • Uncheck Turn off System Restore on all drives.
  • Click Apply
  • Click each drive in turn where system restore is not required and click Settings
    Note: System restore is only needed on drives with an operating system installed
  • For each drive without an operating system, check Turn off system restore on this drive, click Yes then click OK.
Note: only do this once, and not on a regular basis


  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Uninstall Tools for Major Antivirus Products

  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.

  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • Malwarebytes' Anti-Malware
    As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version can be used as an addition to an anti-virus & includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.
    Its IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges.
  • Hosts File
    For added protection you may also like to add a Hosts file. A simple explanation of what a Hosts file does is HERE and for more information regarding Hosts files read HERE.
  • Install and use a firewall with outbound protection
    The Windows firewall only monitors incoming traffic, NOT outgoing. Using a software firewall in its default configuration to replace the Windows firewall greatly reduces the risk of your computer being hacked. Make sure your firewall is always enabled while your computer is connected to the internet.
    Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
    Suggestions:

    [Please note that trial pay is not needed to get any product for free.]


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Cyber attack from my IP address/ JAVA/Exdoer.BB.2 Java v

Unread postby jdr 275 » June 20th, 2011, 4:06 am

:lol:

Hi Melboy,
Thank you very much. I will take heed of your advice and I have implemented some of your suggestions already.
Once again I have received superb support from malwareremoval. Thank you. I will post a separate topic for my son's PC and refer to this topic.

:cheers: :cheers: :cheers:
jdr 275
Regular Member
 
Posts: 20
Joined: January 5th, 2011, 7:29 am

Re: Cyber attack from my IP address/ JAVA/Exdoer.BB.2 Java v

Unread postby melboy » June 20th, 2011, 2:03 pm

You're welcome. ;)
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Cyber attack from my IP address/ JAVA/Exdoer.BB.2 Java v

Unread postby Cypher » June 20th, 2011, 2:11 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns