Cannot open Googlemail with any browser - 404 Not Found

Hello everyone, regardless of which browser I use (Firefox, Opera, Explorer), I cannot load Googlemail. The error message is the following:

404 Not Found
The requested URL /mail/ was not found on this server.
Apache/2.2.12 (Ubuntu) Server at mail.google.com Port 80

This looks to me like a virus/malware problem, because the problem persists even after deleting the cache and cookies of all browsers and after scanning with the usual programs. I am therefore listing the findings here. The system was scanned once with Avira AntiVir and once with Spybot Search & Destroy.

Antivir detections (=> deleted/quarantined):
TR/Crypt.XPACK.Gen Trojan
TR/Crypt.ZPACK.Gen Trojan
TR/Crypt.XPACK.Gen Trojan
JAVA/MundGura.D Java virus
JAVA/Exdoer.BE.2 Java virus
JAVA/Rast.A Java virus
ADSPY/AdSpy.Gen2 adware or spyware
TR/Vilsel.ayjv Trojan

Spybot detections:
04.05.2011 22:44:22 - found: Fraud.HDDDefragmenter Link
04.05.2011 22:44:22 - found: Fraud.HDDDefragmenter Link
04.05.2011 22:46:59 - found: Microsoft.WindowsSecurityCenter.AntiVirusOverride Settings
04.05.2011 22:58:40 - found: DoubleClick Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:40 - found: Tradedoubler Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:40 - found: Tradedoubler Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:40 - found: Tradedoubler Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:40 - found: MediaPlex Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:40 - found: MediaPlex Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:40 - found: MediaPlex Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: FastClick Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: FastClick Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Statcounter Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: WebTrends live Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: FastClick Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Adviva Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: DoubleClick Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Statcounter Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Tradedoubler Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Tradedoubler Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: HitsLink Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: FastClick Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: FastClick Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Tradedoubler Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Zedo Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Zedo Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Zedo Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Zedo Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Zedo Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Zedo Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: Zedo Tracking cookie (Firefox: *** (default))
04.05.2011 22:58:41 - found: DoubleClick Tracking cookie (Chrome: Chrome)
04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Chrome: Chrome)
04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Chrome: Chrome)
04.05.2011 22:58:41 - found: MediaPlex Tracking cookie (Chrome: Chrome)

Here follows just the log file:
OTL Logfile:
Code:
OTL logfile created on: 5.5.2011 13:23:28 - Run 1

Many thanks for any help! |
Hello, open Avira and post all of the detection messages. If it was an Avira scan, look under Avira, Reports. If they were Guard detections, Avira, Events. |
Hi, here are the Avira reports, starting with the oldest:
1. Start of the scan: 4. May 2011 20:28 Starting search for hidden objects. An ARK library instance is already running. The scan of running processes will be started Scan process 'msdtc.exe' - '49' Module(s) have been scanned Scan process 'dllhost.exe' - '58' Module(s) have been scanned Scan process 'dllhost.exe' - '51' Module(s) have been scanned Scan process 'vssvc.exe' - '44' Module(s) have been scanned Scan process 'avscan.exe' - '69' Module(s) have been scanned Scan process 'wuauclt.exe' - '40' Module(s) have been scanned Scan process 'update.exe' - '60' Module(s) have been scanned Scan process 'alg.exe' - '41' Module(s) have been scanned Scan process 'skypePM.exe' - '57' Module(s) have been scanned Scan process 'wmiprvse.exe' - '50' Module(s) have been scanned Scan process 'avscan.exe' - '72' Module(s) have been scanned Scan process 'ctfmon.exe' - '33' Module(s) have been scanned Scan process 'BTSTAC~1.EXE' - '58' Module(s) have been scanned Scan process 'mscj2.exe' - '55' Module(s) have been scanned Module is infected -> <C:\Documents and Settings\***\Application Data\1561484\mscj2.exe> [DETECTION] Is the TR/Vilsel.ayjv Trojan [NOTE] Process 'mscj2.exe' was terminated [WARNING] An error has occurred and the file was not deleted. ErrorID: 26004 [WARNING] The source file could not be found. [NOTE] Attempting to perform action using the ARK library. [WARNING] The file could not be copied to quarantine! [WARNING] An exception has been identified! 
Scan process 'BTTray.exe' - '54' Module(s) have been scanned Scan process 'avcenter.exe' - '67' Module(s) have been scanned Scan process 'Skype.exe' - '125' Module(s) have been scanned Scan process 'ctfmon.exe' - '33' Module(s) have been scanned Scan process 'avgnt.exe' - '61' Module(s) have been scanned Scan process 'MobileConnect.exe' - '119' Module(s) have been scanned Scan process 'igfxsrvc.exe' - '27' Module(s) have been scanned Scan process 'igfxpers.exe' - '29' Module(s) have been scanned Scan process 'hkcmd.exe' - '32' Module(s) have been scanned Scan process 'DDmService.exe' - '34' Module(s) have been scanned Scan process 'DivXUpdate.exe' - '56' Module(s) have been scanned Scan process 'jusched.exe' - '25' Module(s) have been scanned Scan process 'winampa.exe' - '25' Module(s) have been scanned Scan process 'GrooveMonitor.exe' - '38' Module(s) have been scanned Scan process 'Reader_sl.exe' - '24' Module(s) have been scanned Scan process 'wmiprvse.exe' - '57' Module(s) have been scanned Scan process 'avshadow.exe' - '33' Module(s) have been scanned Scan process 'wuauclt.exe' - '46' Module(s) have been scanned Scan process 'Explorer.EXE' - '105' Module(s) have been scanned Scan process 'btwdins.exe' - '24' Module(s) have been scanned Scan process 'stk2135bsrv.exe' - '20' Module(s) have been scanned Scan process 'VMCService.exe' - '61' Module(s) have been scanned Scan process 'svchost.exe' - '46' Module(s) have been scanned Scan process 'RegSrvc.exe' - '33' Module(s) have been scanned Scan process 'jqs.exe' - '39' Module(s) have been scanned Scan process 'EvtEng.exe' - '85' Module(s) have been scanned Scan process 'avguard.exe' - '61' Module(s) have been scanned Scan process 'acs.exe' - '54' Module(s) have been scanned Scan process 'svchost.exe' - '38' Module(s) have been scanned Scan process 'sched.exe' - '43' Module(s) have been scanned Scan process 'spoolsv.exe' - '69' Module(s) have been scanned Scan process 'vpnagent.exe' - '69' Module(s) have been 
scanned Scan process 'svchost.exe' - '44' Module(s) have been scanned Scan process 'svchost.exe' - '40' Module(s) have been scanned Scan process 'S24EvMon.exe' - '79' Module(s) have been scanned Scan process 'svchost.exe' - '162' Module(s) have been scanned Scan process 'svchost.exe' - '45' Module(s) have been scanned Scan process 'svchost.exe' - '53' Module(s) have been scanned Scan process 'lsass.exe' - '63' Module(s) have been scanned Scan process 'savedump.exe' - '34' Module(s) have been scanned Scan process 'services.exe' - '37' Module(s) have been scanned Scan process 'winlogon.exe' - '66' Module(s) have been scanned Scan process 'csrss.exe' - '11' Module(s) have been scanned Scan process 'smss.exe' - '2' Module(s) have been scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '301' files ). End of the scan: 4. May 2011 20:31 Used time: 02:57 Minute(s) The scan has been canceled! 0 Scanned directories 3306 Files were scanned 1 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 0 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 3305 Files not concerned 0 Archives were scanned 2. Start of the scan: 4. 
May 2011 20:28 The scan of running processes will be started Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'skypePM.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'BTSTAC~1.EXE' - '1' Module(s) have been scanned Scan process 'mscj2.exe' - '1' Module(s) have been scanned Module is infected -> <C:\Documents and Settings\***\Application Data\1561484\mscj2.exe> [DETECTION] Is the TR/Vilsel.ayjv Trojan Scan process 'BTTray.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'Skype.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'MobileConnect.exe' - '1' Module(s) have been scanned Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned Scan process 'igfxpers.exe' - '1' Module(s) have been scanned Scan process 'hkcmd.exe' - '1' Module(s) have been scanned Scan process 'DDmService.exe' - '1' Module(s) have been scanned Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'winampa.exe' - '1' Module(s) have been scanned Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned Scan process 'Reader_sl.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'avshadow.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'Explorer.EXE' - '1' Module(s) have been scanned Scan process 'btwdins.exe' - '1' Module(s) have been scanned Scan process 'stk2135bsrv.exe' - '1' Module(s) have been scanned Scan process 'VMCService.exe' - '1' Module(s) have been scanned Scan process 
'svchost.exe' - '1' Module(s) have been scanned Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned Scan process 'jqs.exe' - '1' Module(s) have been scanned Scan process 'EvtEng.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'acs.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'vpnagent.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'savedump.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned Starting the file scan: Begin scan in 'C:\Documents and Settings\***\Application Data\1561484\mscj2.exe' The registration entry <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr> was removed successfully. The registration entry <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr> was removed successfully. C:\Documents and Settings\***\Application Data\1561484\mscj2.exe [DETECTION] Is the TR/Vilsel.ayjv Trojan [NOTE] The file was moved to the quarantine directory under the name '54d91f51.qua'. The repair notes were written to the file 'C:\avrescue\rescue.avp'. End of the scan: 4. 
May 2011 20:36 Used time: 01:59 Minute(s) The scan has been done completely. 0 Scanned directories 52 Files were scanned 2 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 1 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 50 Files not concerned 0 Archives were scanned 0 Warnings 1 Notes The scan results will be transferred to the Guard. 3. Start of the scan: 4. May 2011 21:02 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'plugin-container.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'msdtc.exe' - '1' Module(s) have been scanned Scan process 'dllhost.exe' - '1' Module(s) have been scanned Scan process 'dllhost.exe' - '1' Module(s) have been scanned Scan process 'vssvc.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'skypePM.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'BTSTAC~1.EXE' - '1' Module(s) have been scanned Scan process 'BTTray.exe' - '1' Module(s) have been scanned Scan process 'Skype.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'MobileConnect.exe' - '1' Module(s) have been scanned Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned Scan process 'igfxpers.exe' - '1' Module(s) have been scanned Scan process 'hkcmd.exe' - '1' Module(s) have been scanned Scan process 'DDmService.exe' - '1' 
Module(s) have been scanned Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'winampa.exe' - '1' Module(s) have been scanned Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned Scan process 'btwdins.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'Explorer.EXE' - '1' Module(s) have been scanned Scan process 'avshadow.exe' - '1' Module(s) have been scanned Scan process 'stk2135bsrv.exe' - '1' Module(s) have been scanned Scan process 'VMCService.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned Scan process 'jqs.exe' - '1' Module(s) have been scanned Scan process 'EvtEng.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'acs.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'vpnagent.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned Starting the file scan: Begin scan in 'C:\Documents and 
Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securityhelper.exe' C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securityhelper.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '4caf0243.qua'. End of the scan: 4. May 2011 21:02 Used time: 00:13 Minute(s) The scan has been done completely. 0 Scanned directories 56 Files were scanned 1 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 1 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 55 Files not concerned 0 Archives were scanned 0 Warnings 1 Notes The scan results will be transferred to the Guard. 4. Start of the scan: 4. May 2011 21:39 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'plugin-container.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'msdtc.exe' - '1' Module(s) have been scanned Scan process 'dllhost.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'skypePM.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'BTSTAC~1.EXE' - '1' Module(s) have been scanned Scan process 'BTTray.exe' - '1' Module(s) have been scanned Scan process 'Skype.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'MobileConnect.exe' - '1' Module(s) have been scanned Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned Scan process 
'igfxpers.exe' - '1' Module(s) have been scanned Scan process 'hkcmd.exe' - '1' Module(s) have been scanned Scan process 'DDmService.exe' - '1' Module(s) have been scanned Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'winampa.exe' - '1' Module(s) have been scanned Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned Scan process 'btwdins.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'Explorer.EXE' - '1' Module(s) have been scanned Scan process 'avshadow.exe' - '1' Module(s) have been scanned Scan process 'stk2135bsrv.exe' - '1' Module(s) have been scanned Scan process 'VMCService.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned Scan process 'jqs.exe' - '1' Module(s) have been scanned Scan process 'EvtEng.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'acs.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'vpnagent.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have 
been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned Starting the file scan: Begin scan in 'C:\Documents and Settings\***\My Documents\Downloads\Setup.exe' C:\Documents and Settings\***\My Documents\Downloads\Setup.exe [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen2 adware or spyware [NOTE] The file was moved to the quarantine directory under the name '4cbe0a83.qua'. End of the scan: 4. May 2011 21:39 Used time: 00:11 Minute(s) The scan has been done completely. 0 Scanned directories 53 Files were scanned 1 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 1 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 52 Files not concerned 0 Archives were scanned 0 Warnings 1 Notes The scan results will be transferred to the Guard. 5. Start of the scan: 4. May 2011 20:40 Starting search for hidden objects. The scan of running processes will be started Scan process 'plugin-container.exe' - '65' Module(s) have been scanned Scan process 'firefox.exe' - '128' Module(s) have been scanned Scan process 'msdtc.exe' - '49' Module(s) have been scanned Scan process 'dllhost.exe' - '66' Module(s) have been scanned Scan process 'dllhost.exe' - '54' Module(s) have been scanned Scan process 'vssvc.exe' - '54' Module(s) have been scanned Scan process 'avscan.exe' - '78' Module(s) have been scanned Scan process 'alg.exe' - '41' Module(s) have been scanned Scan process 'wuauclt.exe' - '40' Module(s) have been scanned Scan process 'skypePM.exe' - '57' Module(s) have been scanned Scan process 'wmiprvse.exe' - '49' Module(s) have been scanned Scan process 'BTSTAC~1.EXE' - '58' Module(s) have been scanned Scan process 'BTTray.exe' - '54' Module(s) have been scanned Scan process 'Skype.exe' - '125' Module(s) have been scanned Scan process 'ctfmon.exe' - '33' Module(s) have been scanned Scan process 'avgnt.exe' - '53' Module(s) have been 
scanned Scan process 'MobileConnect.exe' - '119' Module(s) have been scanned Scan process 'igfxsrvc.exe' - '27' Module(s) have been scanned Scan process 'igfxpers.exe' - '29' Module(s) have been scanned Scan process 'hkcmd.exe' - '32' Module(s) have been scanned Scan process 'DDmService.exe' - '34' Module(s) have been scanned Scan process 'DivXUpdate.exe' - '52' Module(s) have been scanned Scan process 'jusched.exe' - '25' Module(s) have been scanned Scan process 'winampa.exe' - '25' Module(s) have been scanned Scan process 'GrooveMonitor.exe' - '38' Module(s) have been scanned Scan process 'btwdins.exe' - '24' Module(s) have been scanned Scan process 'wmiprvse.exe' - '53' Module(s) have been scanned Scan process 'Explorer.EXE' - '88' Module(s) have been scanned Scan process 'avshadow.exe' - '33' Module(s) have been scanned Scan process 'stk2135bsrv.exe' - '20' Module(s) have been scanned Scan process 'VMCService.exe' - '61' Module(s) have been scanned Scan process 'svchost.exe' - '45' Module(s) have been scanned Scan process 'RegSrvc.exe' - '33' Module(s) have been scanned Scan process 'jqs.exe' - '39' Module(s) have been scanned Scan process 'EvtEng.exe' - '85' Module(s) have been scanned Scan process 'avguard.exe' - '60' Module(s) have been scanned Scan process 'acs.exe' - '54' Module(s) have been scanned Scan process 'svchost.exe' - '38' Module(s) have been scanned Scan process 'sched.exe' - '43' Module(s) have been scanned Scan process 'spoolsv.exe' - '69' Module(s) have been scanned Scan process 'vpnagent.exe' - '69' Module(s) have been scanned Scan process 'svchost.exe' - '44' Module(s) have been scanned Scan process 'svchost.exe' - '40' Module(s) have been scanned Scan process 'S24EvMon.exe' - '79' Module(s) have been scanned Scan process 'svchost.exe' - '159' Module(s) have been scanned Scan process 'svchost.exe' - '45' Module(s) have been scanned Scan process 'svchost.exe' - '53' Module(s) have been scanned Scan process 'lsass.exe' - '63' Module(s) have 
been scanned Scan process 'services.exe' - '37' Module(s) have been scanned Scan process 'winlogon.exe' - '66' Module(s) have been scanned Scan process 'csrss.exe' - '11' Module(s) have been scanned Scan process 'smss.exe' - '2' Module(s) have been scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Starting to scan executable files (registry). C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\AntiVirus AntiSpyware.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan The registry was scanned ( '410' files ). Starting the file scan: Begin scan in 'C:\' C:\Documents and Settings\***\Application Data\1561484\bbzzkzz18.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\AntiVirus AntiSpyware.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securityhelper.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securitymanager.exe [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan C:\Documents and Settings\***\Application Data\Sun\Java\Deployment\cache\6.0\24\604aca18-27d5d440 [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the JAVA/MundGura.D Java virus --> google/stomp.class [DETECTION] Contains recognition pattern of the JAVA/MundGura.D Java virus C:\Documents and Settings\***\Application Data\Sun\Java\Deployment\cache\6.0\54\385f7636-4bd16492 [DETECTION] Contains recognition pattern of the JAVA/Exdoer.BE.2 Java virus C:\Documents and Settings\***\Application Data\Sun\Java\Deployment\cache\6.0\54\61b14836-197a8946 [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the JAVA/Rast.A Java virus --> folder/Ump_45.class [DETECTION] Contains recognition pattern of the JAVA/Rast.A Java virus C:\Documents and 
Settings\***\My Documents\Downloads\Setup.exe [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen2 adware or spyware C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP94\A0108165.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan Beginning disinfection: C:\System Volume Information\_restore{035BDA7B-7665-4323-AC96-114EE6F4CBB1}\RP94\A0108165.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] A backup was created as '47291d54.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Documents and Settings\***\My Documents\Downloads\Setup.exe [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen2 adware or spyware [WARNING] The file could not be copied to the quarantine directory. [WARNING] The source file could not be found. [NOTE] The file was deleted! C:\Documents and Settings\***\Application Data\Sun\Java\Deployment\cache\6.0\54\61b14836-197a8946 [DETECTION] Contains recognition pattern of the JAVA/Rast.A Java virus [NOTE] A backup was created as '5c6f32f5.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Documents and Settings\***\Application Data\Sun\Java\Deployment\cache\6.0\54\385f7636-4bd16492 [DETECTION] Contains recognition pattern of the JAVA/Exdoer.BE.2 Java virus [NOTE] A backup was created as '0de56814.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Documents and Settings\***\Application Data\Sun\Java\Deployment\cache\6.0\24\604aca18-27d5d440 [DETECTION] Contains recognition pattern of the JAVA/MundGura.D Java virus [NOTE] A backup was created as '6bd127de.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Documents and Settings\***\Application Data\AntiVirus_AntiSpyware_2011\securitymanager.exe [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan [NOTE] A backup was created as '2d840abd.qua' ( QUARANTINE ) [NOTE] The file was deleted! 
Here are the Avira events, again starting with the oldest: |
why is your avira in english :-)
System scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created: OTL.Txt and Extras.Txt. Post both. |
Obviously, man, because I want to come across as totally cool here ;) Thanks in advance for your help! So here is the OTL file:
OTL logfile created on: 5.5.2011 21:51:25 - Run 2
Here is the Extras.Txt:
OTL Extras logfile created on: 5.5.2011 21:51:25 - Run 2 |
• Please start OTL.exe
• Now copy the following into the text box.
:OTL
:Files
:Commands
[purity]
[EMPTYFLASH]
[resethosts]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may request a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here. |
Hi markusg, great!!! It works now! You really know your stuff. I'd just briefly like to know what it came down to in the end.. A virus? If so, what did it change? |
yes I know, but where is the log? it was a change in the hosts file. we still have to check further whether we can find the culprit |
Here it is:
All processes killed
========== OTL ==========
========== FILES ==========
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: ***
->Flash cache emptied: 5067 bytes
User: Default User
User: LocalService
User: NetworkService
User: ***
->Flash cache emptied: 5846 bytes
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: ***
->Temp folder emptied: 10970598 bytes
->Temporary Internet Files folder emptied: 17149911 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 87848287 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 2976168 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 1985912 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: ***
->Temp folder emptied: 24335334 bytes
->Temporary Internet Files folder emptied: 36590765 bytes
->Java cache emptied: 758087 bytes
->FireFox cache emptied: 139459304 bytes
->Google Chrome cache emptied: 392714701 bytes
->Opera cache emptied: 468450 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 348689 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1093817 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64721900 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 747,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 05062011_125417
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
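The helper attributes the failing Gmail page to a changed hosts file, which the fix log above resets. The following is an added example, not part of the original thread: it audits hosts-file text for entries that override DNS for real hostnames. The sample content, the addresses and hostnames in it, and the function name `audit_hosts` are constructed for illustration; the thread never shows the actual entries.

```python
import ipaddress
import sys

# Names a clean hosts file normally maps to loopback (assumption for this example).
BENIGN_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample; 203.0.113.10 is a documentation address, not from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.10    mail.google.com www.google.com   # constructed redirect
127.0.0.1       update.example-av.test
0.0.0.0 ads.example.test
not-an-ip  foo
"""


def audit_hosts(text, watched=("google.com",)):
    """Return (line_no, address, hostname, severity) for suspicious entries.

    "redirect"  - name pinned to a non-loopback address (traffic goes elsewhere)
    "blocked"   - name pinned to loopback or 0.0.0.0 (name made unreachable)
    "malformed" - first field is not an IP address
    A "!" suffix marks names inside a watched domain.
    """
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        fields = entry.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], " ".join(fields[1:]), "malformed"))
            continue
        local = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:  # one line may carry several hostnames
            host = name.lower().rstrip(".")
            if host in BENIGN_NAMES and addr.is_loopback:
                continue
            severity = "blocked" if local else "redirect"
            if any(host == d or host.endswith("." + d) for d in watched):
                severity += "!"
            findings.append((line_no, str(addr), host, severity))
    return findings


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for finding in audit_hosts(content):
        print("line %d: %s -> %s [%s]" % finding)
```

Run against a copy of `C:\WINDOWS\System32\drivers\etc\Hosts` taken before the reset, any "redirect" finding shows which names were diverted and to which address.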
please create and post a combofix log. A guide and tutorial on using ComboFix |
Here is the combofix log:
ComboFix 11-05-06.05 - *** 07.05.2011 20:43:26.1.2 - x86 |
download ccleaner slim: Piriform - Builds. if ccleaner is already installed, skip this. install, open, tools, list of installed programs, save as txt. open it. after each program you need, write necessary. after each one you don't need, unnecessary. after ones unknown to you, unknown. post the list. |
Phew, now it's getting really exciting. Unfortunately I couldn't follow your instructions, because a new problem has come up: after startup the taskbar at the bottom loads, but the desktop stays black. Neither programs nor any files can be found. The following error message appears: "The system has detected a problem with one or more installed IDE/SATA hard disks. It is recommended that you restart the system". Even after a restart the same problem and the same message appear again. In addition, after the restart there was a message from Avira on the desktop: "TR/Kazy-mekml.1" detected. What now? |
At the bottom right it said: "Critical Error Windows can't find hard disk space. Hard drive error" |
Exactly, it's the problem with "Windows Recovery"... Does it even make sense to do anything more here? Or better to reformat right away? If so, what should I watch out for? |
congratulations, you've got the next malware. new otl logs please |
Sorry, something got in the way again, because the owner of the laptop has once more been playing around with it (this time "to repair it")... Now the computer won't start at all, in none of the modes. It seems, for example on another start attempt, to start correctly; the Windows logo appears briefly with the moving bar, but then this breaks off and a blue screen with text (probably the one I list further down) appears, but so briefly that it can't be read. Then it goes back to the black screen where you can choose between different start modes. Only the start mode "Disable automatic restart on system failure" brings minimal progress: a blue screen with this text appears (after that the computer cannot be switched off in any way; only removing the battery solves the problem): "A problem has been detected and windows has been shut down to prevent damage to your computer. If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps: Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer. Technical information: *** STOP: 0x0000007B (0xBA4CF524, 0xC0000034, 0x00000000, 0x00000000)" |
rescue the data with ubuntu: Download | Ubuntu then we reinstall and secure the system properly :-) |
1) Does the USB stick have to be empty, or can it have other things stored on it besides Ubuntu? 2) How exactly do I do that, reinstalling? |
Is there no way to start the system as it is now and then delete the viruses the way we had begun? |
no. better empty the usb stick and then put ubuntu on it, or burn it to a cd. |
Does that also apply to XP and the drivers? Should I burn each of them to a CD separately, or can I burn XP plus drivers onto a single CD / put them on a single stick and then boot from that? I have also noticed that there are problems booting from the stick. I wanted to change the boot order in the BIOS, but besides 'Hard drive' and 'CD/DVD Drive' nothing else is shown (e.g. Removable Device) - can I add that somehow, or can I not boot from a USB stick at all? |
i thought we wanted to back up data with ubuntu first? |
Nah, we can skip that, a backup exists! |
well, someone has to tell me that :d is a windows cd available too? do you know how to format? |
No, that's exactly the problem - at the moment there is only a stick, on which XP, drivers and other stuff are stored. That's why I'd like to boot from it, and hence the question whether the other stuff could get in the way. Formatting should be doable, thanks to the tips found here on the site and elsewhere on the net. Actually knowing how would be something else, but since the computer is cleared for demolition anyway, it won't matter if I experiment a little. |
give it a try, as long as the stick is bootable it should work. |
So, booting works neither from the stick nor from the CD. In the first case I can't even set the boot order correctly, i.e. with Removable Devices first, since these aren't listed at all, and booting doesn't work either. In the second case it doesn't work either, although here I can set the boot order correctly. The computer behaves as described below: first a black screen with a choice of different start modes, and then a blue screen with the text given below. |
is that a real original windows cd? |
Presumably yes, but what can one know for sure these days.. |
well, presumably, where did you get it from then.... |
I don't think you will solve the problem with this kind of question... But of course we can also happily talk about birdseed and butter, just maybe in a different forum then. |
sure, if it's some home-burned cd, which your evasive answers strongly sound like, then you did something wrong when burning it. and then, if this cd also comes from file-sharing networks, you should consider buying a new one instead. because you don't know what the uploader of the operating system changed in there. besides, we don't support illegal stuff; we won't help you commit possible criminal offences. |
Copyright ©2000-2025, Trojaner-Board