Kann mit keinem browser googlemail öffnen - 404 Not Found
 

Hallo zusammen,

ich kann unabhängig vom verwendeten Browser (firefox, opera, explorer) googlemail nicht laden. Die Fehlermeldung ist die Folgende:

404 Not Found
The requested URL /mail/ was not found on this server.
Apache/2.2.12 (Ubuntu) Server at mail.google.com Port 80


Scheint mir ein Virus/Malware-Problem zu sein, denn das Problem persistiert auch nach dem Löschen von Cache & Cookies aller Browser, und nach dem Scannen mit den gängigen Programmen. Demnach liste ich hier die Funde auf. Gescannt ist das System einmal mit Avira Antivir und einmal mit Spybot Search & Destroy.

Antivir Detections (=> Gelöscht/Quarantäne)
TR/Crypt.XPACK.Gen Trojan
TR/Crypt.ZPACK.Gen Trojan
TR/Crypt.XPACK.Gen Trojan
JAVA/MundGura.D Java virus
JAVA/Exdoer.BE.2 Java virus
JAVA/Rast.A Java virus
ADSPY/AdSpy.Gen2 adware or spyware
TR/Vilsel.ayjv Trojan

Spybot Detections:
04.05.2011 22:44:22 - found: Fraud.HDDDefragmenter Link
04.05.2011 22:44:22 - found: Fraud.HDDDefragmenter Link
04.05.2011 22:46:59 - found: Microsoft.WindowsSecurityCenter.AntiVirusOverride Settings
04.05.2011 22:58:40 - found: DoubleClick Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:40 - found: Tradedoubler Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:40 - found: Tradedoubler Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:40 - found: Tradedoubler Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:40 - found: MediaPlex Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:40 - found: MediaPlex Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:40 - found: MediaPlex Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: FastClick Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: FastClick Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Statcounter Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: WebTrends live Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: FastClick Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Adviva Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: DoubleClick Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Statcounter Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Tradedoubler Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Tradedoubler Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: HitsLink Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: FastClick Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: FastClick Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Tradedoubler Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Zedo Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Zedo Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Zedo Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Zedo Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Zedo Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Zedo Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Zedo Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: DoubleClick Tracking cookie (Chrome: Chrome)
04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Chrome: Chrome)
04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Chrome: Chrome)
04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Chrome: Chrome)


Hier folgt nur der LOG-File:OTL Logfile:
--- --- ---


Besten Dank für jegliche Hilfe!

hallo,
öffne avira, poste die ganzen fundmeldungen.
falls es ein avira scan war, schaue unter avira, reports.
falls es guard funde waren, avira, ereignisse.

Hi,

hier die Avira Reports, beginnend mit dem Ältesten:

1. Start of the scan: 4. May 2011 20:28
Starting search for hidden objects.
An ARK library instance is already running.

The scan of running processes will be started
Scan process 'msdtc.exe' - '49' Module(s) have been scanned
Scan process 'dllhost.exe' - '58' Module(s) have been scanned
Scan process 'dllhost.exe' - '51' Module(s) have been scanned
Scan process 'vssvc.exe' - '44' Module(s) have been scanned
Scan process 'avscan.exe' - '69' Module(s) have been scanned
Scan process 'wuauclt.exe' - '40' Module(s) have been scanned
Scan process 'update.exe' - '60' Module(s) have been scanned
Scan process 'alg.exe' - '41' Module(s) have been scanned
Scan process 'skypePM.exe' - '57' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '50' Module(s) have been scanned
Scan process 'avscan.exe' - '72' Module(s) have been scanned
Scan process 'ctfmon.exe' - '33' Module(s) have been scanned
Scan process 'BTSTAC~1.EXE' - '58' Module(s) have been scanned
Scan process 'mscj2.exe' - '55' Module(s) have been scanned
Module is infected -> <C:\Documents and Settings\***\Application Data\1561484\mscj2.exe>
[DETECTION] Is the TR/Vilsel.ayjv Trojan
[NOTE] Process 'mscj2.exe' was terminated
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] The file could not be copied to quarantine!
[WARNING] An exception has been identified!
Scan process 'BTTray.exe' - '54' Module(s) have been scanned
Scan process 'avcenter.exe' - '67' Module(s) have been scanned
Scan process 'Skype.exe' - '125' Module(s) have been scanned
Scan process 'ctfmon.exe' - '33' Module(s) have been scanned
Scan process 'avgnt.exe' - '61' Module(s) have been scanned
Scan process 'MobileConnect.exe' - '119' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '27' Module(s) have been scanned
Scan process 'igfxpers.exe' - '29' Module(s) have been scanned
Scan process 'hkcmd.exe' - '32' Module(s) have been scanned
Scan process 'DDmService.exe' - '34' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '56' Module(s) have been scanned
Scan process 'jusched.exe' - '25' Module(s) have been scanned
Scan process 'winampa.exe' - '25' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '38' Module(s) have been scanned
Scan process 'Reader_sl.exe' - '24' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '57' Module(s) have been scanned
Scan process 'avshadow.exe' - '33' Module(s) have been scanned
Scan process 'wuauclt.exe' - '46' Module(s) have been scanned
Scan process 'Explorer.EXE' - '105' Module(s) have been scanned
Scan process 'btwdins.exe' - '24' Module(s) have been scanned
Scan process 'stk2135bsrv.exe' - '20' Module(s) have been scanned
Scan process 'VMCService.exe' - '61' Module(s) have been scanned
Scan process 'svchost.exe' - '46' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '33' Module(s) have been scanned
Scan process 'jqs.exe' - '39' Module(s) have been scanned
Scan process 'EvtEng.exe' - '85' Module(s) have been scanned
Scan process 'avguard.exe' - '61' Module(s) have been scanned
Scan process 'acs.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'sched.exe' - '43' Module(s) have been scanned
Scan process 'spoolsv.exe' - '69' Module(s) have been scanned
Scan process 'vpnagent.exe' - '69' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '79' Module(s) have been scanned
Scan process 'svchost.exe' - '162' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '63' Module(s) have been scanned
Scan process 'savedump.exe' - '34' Module(s) have been scanned
Scan process 'services.exe' - '37' Module(s) have been scanned
Scan process 'winlogon.exe' - '66' Module(s) have been scanned
Scan process 'csrss.exe' - '11' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '301' files ).



End of the scan: 4. May 2011 20:31
Used time: 02:57 Minute(s)

The scan has been canceled!

0 Scanned directories
3306 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
3305 Files not concerned
0 Archives were scanned

2. Start of the scan: 4. May 2011 20:28
The scan of running processes will be started
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'BTSTAC~1.EXE' - '1' Module(s) have been scanned
Scan process 'mscj2.exe' - '1' Module(s) have been scanned
Module is infected -> <C:\Documents and Settings\***\Application Data\1561484\mscj2.exe>
[DETECTION] Is the TR/Vilsel.ayjv Trojan
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'MobileConnect.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'DDmService.exe' - '1' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'Reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'stk2135bsrv.exe' - '1' Module(s) have been scanned
Scan process 'VMCService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'acs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'vpnagent.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'savedump.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe'
The registration entry <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr> was removed successfully.
The registration entry <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr> was removed successfully.
C:\Documents and Settings\***\Application Data\1561484\mscj2.exe
[DETECTION] Is the TR/Vilsel.ayjv Trojan
[NOTE] The file was moved to the quarantine directory under the name '54d91f51.qua'.
The repair notes were written to the file 'C:\avrescue\rescue.avp'.


End of the scan: 4. May 2011 20:36
Used time: 01:59 Minute(s)

The scan has been done completely.

0 Scanned directories
52 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
50 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes


The scan results will be transferred to the Guard.

3. Start of the scan: 4. May 2011 21:02

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'msdtc.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'vssvc.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'BTSTAC~1.EXE' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'MobileConnect.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'DDmService.exe' - '1' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'stk2135bsrv.exe' - '1' Module(s) have been scanned
Scan process 'VMCService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'acs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'vpnagent.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securityhelper.exe'
C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securityhelper.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4caf0243.qua'.


End of the scan: 4. May 2011 21:02
Used time: 00:13 Minute(s)

The scan has been done completely.

0 Scanned directories
56 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
55 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes


The scan results will be transferred to the Guard.

4. Start of the scan: 4. May 2011 21:39

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'msdtc.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'BTSTAC~1.EXE' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'MobileConnect.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'DDmService.exe' - '1' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'stk2135bsrv.exe' - '1' Module(s) have been scanned
Scan process 'VMCService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'acs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'vpnagent.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\Documents and Settings\***\My Documents\Downloads\Setup.exe'
C:\Documents and Settings\***\My Documents\Downloads\Setup.exe
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen2 adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '4cbe0a83.qua'.


End of the scan: 4. May 2011 21:39
Used time: 00:11 Minute(s)

The scan has been done completely.

0 Scanned directories
53 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
52 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes


The scan results will be transferred to the Guard.

5. Start of the scan: 4. May 2011 20:40

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'plugin-container.exe' - '65' Module(s) have been scanned
Scan process 'firefox.exe' - '128' Module(s) have been scanned
Scan process 'msdtc.exe' - '49' Module(s) have been scanned
Scan process 'dllhost.exe' - '66' Module(s) have been scanned
Scan process 'dllhost.exe' - '54' Module(s) have been scanned
Scan process 'vssvc.exe' - '54' Module(s) have been scanned
Scan process 'avscan.exe' - '78' Module(s) have been scanned
Scan process 'alg.exe' - '41' Module(s) have been scanned
Scan process 'wuauclt.exe' - '40' Module(s) have been scanned
Scan process 'skypePM.exe' - '57' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '49' Module(s) have been scanned
Scan process 'BTSTAC~1.EXE' - '58' Module(s) have been scanned
Scan process 'BTTray.exe' - '54' Module(s) have been scanned
Scan process 'Skype.exe' - '125' Module(s) have been scanned
Scan process 'ctfmon.exe' - '33' Module(s) have been scanned
Scan process 'avgnt.exe' - '53' Module(s) have been scanned
Scan process 'MobileConnect.exe' - '119' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '27' Module(s) have been scanned
Scan process 'igfxpers.exe' - '29' Module(s) have been scanned
Scan process 'hkcmd.exe' - '32' Module(s) have been scanned
Scan process 'DDmService.exe' - '34' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '52' Module(s) have been scanned
Scan process 'jusched.exe' - '25' Module(s) have been scanned
Scan process 'winampa.exe' - '25' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '38' Module(s) have been scanned
Scan process 'btwdins.exe' - '24' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '53' Module(s) have been scanned
Scan process 'Explorer.EXE' - '88' Module(s) have been scanned
Scan process 'avshadow.exe' - '33' Module(s) have been scanned
Scan process 'stk2135bsrv.exe' - '20' Module(s) have been scanned
Scan process 'VMCService.exe' - '61' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '33' Module(s) have been scanned
Scan process 'jqs.exe' - '39' Module(s) have been scanned
Scan process 'EvtEng.exe' - '85' Module(s) have been scanned
Scan process 'avguard.exe' - '60' Module(s) have been scanned
Scan process 'acs.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'sched.exe' - '43' Module(s) have been scanned
Scan process 'spoolsv.exe' - '69' Module(s) have been scanned
Scan process 'vpnagent.exe' - '69' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '79' Module(s) have been scanned
Scan process 'svchost.exe' - '159' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '63' Module(s) have been scanned
Scan process 'services.exe' - '37' Module(s) have been scanned
Scan process 'winlogon.exe' - '66' Module(s) have been scanned
Scan process 'csrss.exe' - '11' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\AntiVirus AntiSpyware.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

The registry was scanned ( '410' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\***\Application Data\1561484\bbzzkzz18.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\AntiVirus AntiSpyware.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securityhelper.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securitymanager.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Documents and Settings\***\Application Data\Sun\Java\Deployment\cache\6.0\24\604aca18-27d5d440
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/MundGura.D Java virus
--> google/stomp.class
[DETECTION] Contains recognition pattern of the JAVA/MundGura.D Java virus
C:\Documents and Settings\***\Application Data\Sun\Java\Deployment\cache\6.0\54\385f7636-4bd16492
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.BE.2 Java virus
C:\Documents and Settings\***\Application Data\Sun\Java\Deployment\cache\6.0\54\61b14836-197a8946
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Rast.A Java virus
--> folder/Ump_45.class
[DETECTION] Contains recognition pattern of the JAVA/Rast.A Java virus
C:\Documents and Settings\***\My Documents\Downloads\Setup.exe
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen2 adware or spyware
C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP94\A0108165.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

Beginning disinfection:
C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP94\A0108165.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] A backup was created as '47291d54.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\***\My Documents\Downloads\Setup.exe
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen2 adware or spyware
[WARNING] The file could not be copied to the quarantine directory.
[WARNING] The source file could not be found.
[NOTE] The file was deleted!
C:\Documents and Settings\***\Application Data\Sun\Java\Deployment\cache\6.0\54\61b14836-197a8946
[DETECTION] Contains recognition pattern of the JAVA/Rast.A Java virus
[NOTE] A backup was created as '5c6f32f5.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\***\Application Data\Sun\Java\Deployment\cache\6.0\54\385f7636-4bd16492
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.BE.2 Java virus
[NOTE] A backup was created as '0de56814.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\***\Application Data\Sun\Java\Deployment\cache\6.0\24\604aca18-27d5d440
[DETECTION] Contains recognition pattern of the JAVA/MundGura.D Java virus
[NOTE] A backup was created as '6bd127de.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securitymanager.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] A backup was created as '2d840abd.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securityhelper.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] The file could not be copied to the quarantine directory.
[WARNING] The source file could not be found.
[NOTE] The file was deleted!
C:\Documents and Settings\***\Application Data\1561484\bbzzkzz18.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] A backup was created as '528038d2.qua' ( QUARANTINE )
[NOTE] The file was deleted!
The registration entry <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr> was removed successfully.
C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\AntiVirus AntiSpyware.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The registration entry <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiVirus_AntiSpyware_2011> was removed successfully.
[NOTE] A backup was created as '1e361483.qua' ( QUARANTINE )
[NOTE] The file was deleted!


End of the scan: 4. May 2011 22:39
Used time: 1:56:02 Hour(s)

The scan has been done completely.

7994 Scanned directories
879467 Files were scanned
10 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
9 files were deleted
0 Viruses and unwanted programs were repaired
7 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
879457 Files not concerned
11185 Archives were scanned
2 Warnings
9 Notes
381721 Objects were scanned with rootkit scan
0 Hidden objects were found

6. Start of the scan: 5. May 2011 08:38

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'AAWTray.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'BTSTAC~1.EXE' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'stk2135bsrv.exe' - '1' Module(s) have been scanned
Scan process 'VMCService.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'acs.exe' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'MobileConnect.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'DDmService.exe' - '1' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'AAWService.exe' - '1' Module(s) have been scanned
Scan process 'vpnagent.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP96\A0108176.exe'
C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP96\A0108176.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4fa6e771.qua'.


End of the scan: 5. May 2011 08:38
Used time: 00:08 Minute(s)

The scan has been done completely.

0 Scanned directories
52 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
51 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes


The scan results will be transferred to the Guard.

7. Start of the scan: 5. May 2011 11:40

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
Scan process 'Adobe_Updater.exe' - '1' Module(s) have been scanned
Scan process 'Ad-Aware.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'AAWTray.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'BTSTAC~1.EXE' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'MobileConnect.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'stk2135bsrv.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'VMCService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'acs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'AAWService.exe' - '1' Module(s) have been scanned
Scan process 'vpnagent.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP96\A0108177.exe'
C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP96\A0108177.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4fa6d1d0.qua'.
Begin scan in 'C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP96\A0108178.exe'
C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP96\A0108178.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5731fe77.qua'.


End of the scan: 5. May 2011 11:40
Used time: 00:16 Minute(s)

The scan has been done completely.

0 Scanned directories
54 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
52 Files not concerned
0 Archives were scanned
0 Warnings
2 Notes


The scan results will be transferred to the Guard.



Hier die Avira Ereignisse, wieder beginnend mit dem Ältesten:

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Vilsel.ayjv [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe.
Action performed: Deny access

The file 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe'
contained a virus or unwanted program 'TR/Vilsel.ayjv' [trojan]
Action(s) taken:
The registration entry <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mscj2> could not be removed.
An error has occurred and the file was not deleted. ErrorID: 26003.
The file could not be deleted!
Attempting to perform action using the ARK library.
The file was moved to the quarantine directory under the name '54d91f51.qua'.
The registration entry <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mscj2> could not be removed.

Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securityhelper.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securityhelper.exe.
Action performed: Deny access

The file 'C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securityhelper.exe'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4caf0243.qua'.

Virus or unwanted program 'ADSPY/AdSpy.Gen2 [adware]'
detected in file 'C:\Documents and Settings\***\My Documents\Downloads\Setup.exe.
Action performed: Deny access

The file 'C:\Documents and Settings\***\My Documents\Downloads\Setup.exe'
contained a virus or unwanted program 'ADSPY/AdSpy.Gen2' [adware]
Action(s) taken:
The file was moved to the quarantine directory under the name '4cbe0a83.qua'.

The file 'C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP94\A0108165.exe'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan]
Action(s) taken:
A backup was created as '47291d54.qua' ( QUARANTINE ).
The file was deleted!

The file 'C:\Documents and Settings\***\Application Data\Sun\Java\Deployment\cache\6.0\54\385f7636-4bd16492'
contained a virus or unwanted program 'JAVA/Exdoer.BE.2' [virus]
Action(s) taken:
A backup was created as '0de56814.qua' ( QUARANTINE ).
The file was deleted!

The file 'C:\Documents and Settings\***\Application Data\Sun\Java\Deployment\cache\6.0\24\604aca18-27d5d440'
contained a virus or unwanted program 'JAVA/MundGura.D' [virus]
Action(s) taken:
A backup was created as '6bd127de.qua' ( QUARANTINE ).
The file was deleted!

The file 'C:\Documents and Settings\***\My Documents\Downloads\Setup.exe'
contained a virus or unwanted program 'ADSPY/AdSpy.Gen2' [adware]
Action(s) taken:
The file could not be copied to the quarantine directory.
The source file could not be found.
The file was deleted!

The file 'C:\Documents and Settings\***\Application Data\Sun\Java\Deployment\cache\6.0\54\61b14836-197a8946'
contained a virus or unwanted program 'JAVA/Rast.A' [virus]
Action(s) taken:
A backup was created as '5c6f32f5.qua' ( QUARANTINE ).
The file was deleted!

The file 'C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securityhelper.exe'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan]
Action(s) taken:
The file could not be copied to the quarantine directory.
The source file could not be found.
The file was deleted!

The file 'C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securitymanager.exe'
contained a virus or unwanted program 'TR/Crypt.ZPACK.Gen' [trojan]
Action(s) taken:
A backup was created as '2d840abd.qua' ( QUARANTINE ).
The file was deleted!

The file 'C:\Documents and Settings\***\Application Data\1561484\bbzzkzz18.exe'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan]
Action(s) taken:
A backup was created as '528038d2.qua' ( QUARANTINE ).
The file was deleted!

The file 'C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\AntiVirus AntiSpyware.exe'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan]
Action(s) taken:
The registration entry <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiVirus_AntiSpyware_2011> was removed successfully.
A backup was created as '1e361483.qua' ( QUARANTINE ).
The file was deleted!

Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP96\A0108176.exe.
Action performed: Deny access

The file 'C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP96\A0108176.exe'
contained a virus or unwanted program 'TR/Crypt.ZPACK.Gen' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4fa6e771.qua'.

Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP96\A0108177.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP96\A0108178.exe.
Action performed: Deny access

The file 'C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP96\A0108177.exe'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4fa6d1d0.qua'.

The file 'C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP96\A0108178.exe'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '5731fe77.qua'.

warum ist avira bei dir auf englisch :-)

Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten.

Is doch klar mann, weil ich hier voll cool rüberkommen will ;)
Vielen Dank schon mal für Deine Hilfe!

Hier also der OTL-File:OTL Logfile:
--- --- ---



Hier der Extras.Txt:OTL Logfile:
--- --- ---

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

:OTL
:Files
:Commands
[purity]
[EMPTYFLASH]
[resethosts]
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.

Hi markusg,

super!!! Jetzt geht's! Du kennst Dich wirklich aus.
Würd' mich jetzt nur noch kurz interessieren, woran's letztendlich lag.. Virus? Wenn ja, was hat der verändert?

ja ich weis, aber wo ist das log?
es war eine enderung in der hosts datei.
wir müssen noch weiter prüfen ob wir den schuldigen finden

Hier ist sie:

All processes killed
========== OTL ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: ***
->Flash cache emptied: 5067 bytes

User: Default User

User: LocalService

User: NetworkService

User: ***
->Flash cache emptied: 5846 bytes

Total Flash Files Cleaned = 0,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: ***
->Temp folder emptied: 10970598 bytes
->Temporary Internet Files folder emptied: 17149911 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 87848287 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 2976168 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 1985912 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: ***
->Temp folder emptied: 24335334 bytes
->Temporary Internet Files folder emptied: 36590765 bytes
->Java cache emptied: 758087 bytes
->FireFox cache emptied: 139459304 bytes
->Google Chrome cache emptied: 392714701 bytes
->Opera cache emptied: 468450 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 348689 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1093817 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64721900 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 747,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05062011_125417

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Hier ist der combofix log:

Combofix Logfile:
--- --- ---

lade den ccleaner slim:
Piriform - Builds
falls der ccleaner bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Puh, jetzt wird's richtig spannend. Leider konnte ich Deinen Anweisung nicht folgen, da ein neues Problem aufgetreten ist: Nach dem Starten wird die Taskleiste unten geladen, jedoch bleibt der Desktop schwarz. Es sind weder Programme noch jegliche Dateien zu finden. Es kommt folgende Fehlermeldung:

"The system has detected a problem with one or more installed IDE/SATA hard disks. It is recommended that you restart the system".

Auch nach Neustart erscheint erneut dasselbe Problem und diesselbe Meldung.
Zusätzlich war auf dem Desktop nach dem Neustart eine Meldung von Avira zu finden. "TR/Kazy-mekml.1" detected.

Was nun?

Unten rechts war zu lesen:

"Critical Error
Windows can't find hard disk space. Hard drive error"

Genau, ist das Problem mit "Windows Recovery"...
Ist es überhaupt sinnvoll hier noch was zu machen? Oder lieber gleich neu formatieren? Wenn ja, was beachten?