Retour de fichier detecte par avira

rachdi -  
 rachdi -
Bonjour,
mon fichier est appele trace[1].htm fichier d'internet emporaire,je le supprime mais apres 2 jour a 3,, avira le detecte encore et je le mets en quarantaine pour le supprimer ansi de suite mnt c'est la troixieme fois
et merci d'avance
Configuration: Windows XP
Internet Explorer 7.0

12 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    utilise pour supprimer tes traces

    CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
    -----------------------

    puis colle un rapport antivir
    0
    1. rachdi
       
      ok merci je l'ai deja cclean,et je vais attendre deux jour ou trois pour voir si le fichier va retourner,car c'est supprime 3 fois par antivir
      merci encors une fois
      0
      1. rachdi > rachdi
         
        alors apres 3 jour le fichier est retournera,tjr même probleme
        0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    colle un rapport antivir

    et

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :
    http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."
    ___________

    AVG antispyware
    https://www.01net.com/
    http://free.grisoft.com/doc/download-free-anti-spyware/us/frt/0

    Tuto :
    http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

    ->Relance AVG AS -> "Analyse" ->"Paramètres"

    Sous la question "Comment réagir ?" :

    -> clique sur "Actions recommandées" et choisis "Quarantaines"
    -> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

    Si un fichier est infecté en fin d'analyse

    ->Clique sur "Appliquer toutes les actions "

    ->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

    ->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici
    0
    1. rachdi
       
      a savoir j 'ai fais encors une fois cclean hier mais cette matinée apres redemarage et lancement de klk site ce fichier infecté a apparait ,et je l'ai mets en quarantaine par antiVir;sachant ke Avira me donne just les choix ,quarantaine, acces deny,ignore,y'a pas delete,c'est pourkoi je le mets en quarantaine puis le supprime,maintenant et en quarantaine

      voila les rapport demandé:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 10:58, on 2008-04-07
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\vsnpstd.exe
      C:\Program Files\SuperCopier\SuperCopier.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Menara\dslmon.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
      C:\HiJackThis\docteur.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
      O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
      O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{644FAE3A-EFF2-43EF-A59F-F8BB72CC3189}: NameServer = 196.217.246.211 212.217.0.13
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
      O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
      O23 - Service: Apache Tomcat (Tomcat6) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe
      O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
      0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    secuser en ligne :
    http://www.secuser.com/outils/antivirus.htm
    0
    1. rachdi
       
      voila rapport:
      c'est koi problem au just

      BitDefender Online Scanner



      Rapport d'analyse généré à: Mon, Apr 07, 2008 - 15:20:31





      Voie d'analyse: A:\;C:\;D:\;E:\;







      Statistiques

      Temps
      00:36:31

      Fichiers
      137477

      Directoires
      11722

      Secteurs de boot
      4

      Archives
      627

      Paquets programmes
      22136




      Résultats

      Virus identifiés
      0

      Fichiers infectés
      0

      Fichiers suspects
      0

      Avertissements
      0

      Désinfectés
      0

      Fichiers effacés
      0




      Info sur les moteurs

      Définition virus
      1128820

      Version des moteurs
      AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

      Analyse des plugins
      16

      Archive des plugins
      41

      Unpack des plugins
      7

      E-mail plugins
      6

      Système plugins
      5




      Paramètres d'analyse

      Première action
      Désinfecté

      Seconde Action
      Supprimé

      Heuristique
      Oui

      Acceptez les avertissements
      Oui

      Extensions analysées
      exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;

      Excludez les extensions


      Analyse d'emails
      Oui

      Analyse des Archives
      Oui

      Analyser paquets programmes
      Oui

      Analyse des fichiers
      Oui

      Analyse de boot
      Oui




      Fichier analysé
      Statut

      Aucun virus trouvé.
      0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok rien

    si antivir retrouve l'infection tu me collera le rapport avec le fichier infécté
    0
    1. rachdi
       
      je le mets en quarantaine je sois le supprime mnt
      voila le rapport de antivir;

      2008-03-06,19:11 ---------------------------------------------------------
      2008-03-06,19:11 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-06,19:11 AntiVir Guard version: 7.00.00.81,engine version 7.6.0.15,VDF version: 7.0.0.2
      2008-03-06,19:11 Start Filter Device.
      2008-03-06,19:11 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-06,19:11 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF
      .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-06,19:26 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-06,19:27 ---------------------------------------------------------
      2008-03-06,19:27 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-06,19:27 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
      2008-03-06,19:27 Start Filter Device.
      2008-03-06,19:27 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-06,19:27 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-06,19:27 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-06,20:14 ---------------------------------------------------------
      2008-03-06,20:14 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-06,20:14 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
      2008-03-06,20:14 Start Filter Device.
      2008-03-06,20:14 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-06,20:14 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-06,21:49 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-06,23:07 ---------------------------------------------------------
      2008-03-06,23:07 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-06,23:07 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
      2008-03-06,23:08 Start Filter Device.
      2008-03-06,23:08 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-06,23:08 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-07,01:29 [WARNING] Is the Trojan horse TR/Agent.702496!
      C:\Documents and Settings\Administrateur\Local Settings\Temp\ir_ext_temp_0\AutoPlay\Docs\KYNG_MultiLoader_V1_10.exe
      [INFO] The file will be deleted.
      2008-03-07,01:29 [WARNING] Is the Trojan horse TR/Agent.702496!
      C:\Documents and Settings\Administrateur\Local Settings\Temp\ir_ext_temp_0\AutoPlay\Docs\KYNG_MultiLoader_V1_10.exe
      [INFO] The file will be deleted.
      2008-03-07,01:33 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-07,10:57 ---------------------------------------------------------
      2008-03-07,10:57 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-07,10:57 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
      2008-03-07,10:57 Start Filter Device.
      2008-03-07,10:57 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-07,10:57 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-07,12:28 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-07,14:00 ---------------------------------------------------------
      2008-03-07,14:00 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-07,14:00 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
      2008-03-07,14:00 Start Filter Device.
      2008-03-07,14:00 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-07,14:00 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-07,14:06 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-07,15:43 ---------------------------------------------------------
      2008-03-07,15:43 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-07,15:43 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
      2008-03-07,15:43 Start Filter Device.
      2008-03-07,15:43 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-07,15:43 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-07,16:15 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-07,16:58 ---------------------------------------------------------
      2008-03-07,16:58 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-07,16:58 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
      2008-03-07,16:58 Start Filter Device.
      2008-03-07,16:58 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-07,16:58 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-07,17:28 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-07,17:34 ---------------------------------------------------------
      2008-03-07,17:34 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-07,17:34 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
      2008-03-07,17:34 Start Filter Device.
      2008-03-07,17:34 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-07,17:34 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-07,17:34 [WARNING] Is the Trojan horse TR/Agent.702496!
      C:\Documents and Settings\Administrateur\Local Settings\Temp\ir_ext_temp_0\AutoPlay\Docs\KYNG_MultiLoader_V1_10.exe
      [INFO] The file will be deleted.
      2008-03-07,17:34 [WARNING] Is the Trojan horse TR/Agent.702496!
      C:\Documents and Settings\Administrateur\Local Settings\Temp\ir_ext_temp_0\AutoPlay\Docs\KYNG_MultiLoader_V1_10.exe
      [INFO] The file will be deleted.
      2008-03-07,18:47 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-07,22:20 ---------------------------------------------------------
      2008-03-07,22:20 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-07,22:20 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
      2008-03-07,22:20 Start Filter Device.
      2008-03-07,22:20 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-07,22:20 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-07,22:22 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-07,22:47 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-07,22:48 ---------------------------------------------------------
      2008-03-07,22:48 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-07,22:48 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
      2008-03-07,22:48 Start Filter Device.
      2008-03-07,22:48 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-07,22:48 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-07,23:23 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-07,23:24 ---------------------------------------------------------
      2008-03-07,23:24 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-07,23:24 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
      2008-03-07,23:24 Start Filter Device.
      2008-03-07,23:24 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-07,23:24 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-08,01:39 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-08,12:00 ---------------------------------------------------------
      2008-03-08,12:00 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-08,12:00 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
      2008-03-08,12:00 Start Filter Device.
      2008-03-08,12:00 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-08,12:00 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-08,14:30 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-08,14:48 ---------------------------------------------------------
      2008-03-08,14:48 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-08,14:48 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
      2008-03-08,14:48 Start Filter Device.
      2008-03-08,14:48 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-08,14:48 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-08,18:57 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-08,18:58 ---------------------------------------------------------
      2008-03-08,18:58 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-08,18:58 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
      2008-03-08,18:58 Start Filter Device.
      2008-03-08,18:58 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-08,18:58 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-08,20:32 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-08,21:41 ---------------------------------------------------------
      2008-03-08,21:41 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-08,21:41 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
      2008-03-08,21:41 Start Filter Device.
      2008-03-08,21:41 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-08,21:41 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-08,22:28 Update process started!
      2008-03-08,22:28 Current Engine Version: 7.6.0.73
      2008-03-08,22:28 Current Pattern File: 7.0.3.5 from 2008-03-07, 16:39
      2008-03-08,22:28 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-08,23:00 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-08,23:37 ---------------------------------------------------------
      2008-03-08,23:37 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-08,23:37 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
      2008-03-08,23:37 Start Filter Device.
      2008-03-08,23:37 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-08,23:37 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-09,01:07 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-09,10:25 ---------------------------------------------------------
      2008-03-09,10:26 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-09,10:26 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
      2008-03-09,10:26 Start Filter Device.
      2008-03-09,10:26 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-09,10:26 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-09,11:14 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-09,11:28 ---------------------------------------------------------
      2008-03-09,11:28 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-09,11:28 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
      2008-03-09,11:29 Start Filter Device.
      2008-03-09,11:29 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-09,11:29 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-09,13:11 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-09,13:26 ---------------------------------------------------------
      2008-03-09,13:26 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-09,13:26 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
      2008-03-09,13:26 Start Filter Device.
      2008-03-09,13:26 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-09,13:26 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-09,18:54 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-09,19:09 ---------------------------------------------------------
      2008-03-09,19:09 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-09,19:09 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
      2008-03-09,19:09 Start Filter Device.
      2008-03-09,19:09 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-09,19:09 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-09,19:58 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-09,20:02 ---------------------------------------------------------
      2008-03-09,20:02 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-09,20:02 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
      2008-03-09,20:02 Start Filter Device.
      2008-03-09,20:02 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-09,20:02 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-09,20:11 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-09,20:28 ---------------------------------------------------------
      2008-03-09,20:28 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-09,20:28 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
      2008-03-09,20:28 Start Filter Device.
      2008-03-09,20:28 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-09,20:28 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-10,01:00 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-10,10:56 ---------------------------------------------------------
      2008-03-10,10:56 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-10,10:56 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
      2008-03-10,10:56 Start Filter Device.
      2008-03-10,10:56 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-10,10:56 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-10,11:29 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-10,11:32 ---------------------------------------------------------
      2008-03-10,11:32 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-10,11:32 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
      2008-03-10,11:32 Start Filter Device.
      2008-03-10,11:32 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-10,11:32 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-10,12:42 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-10,12:47 ---------------------------------------------------------
      2008-03-10,12:47 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-10,12:47 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
      2008-03-10,12:47 Start Filter Device.
      2008-03-10,12:47 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-10,12:47 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-10,15:00 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-10,15:13 ---------------------------------------------------------
      2008-03-10,15:13 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-10,15:13 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
      2008-03-10,15:13 Start Filter Device.
      2008-03-10,15:13 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-10,15:13 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-10,16:41 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-10,17:01 ---------------------------------------------------------
      2008-03-10,17:01 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-10,17:01 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
      2008-03-10,17:01 Start Filter Device.
      2008-03-10,17:01 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-10,17:01 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-10,18:34 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-10,19:30 ---------------------------------------------------------
      2008-03-10,19:30 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-10,19:30 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
      2008-03-10,19:30 Start Filter Device.
      2008-03-10,19:30 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-10,19:30 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-10,19:36 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-10,20:10 ---------------------------------------------------------
      2008-03-10,20:11 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-10,20:11 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
      2008-03-10,20:11 Start Filter Device.
      2008-03-10,20:11 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-10,20:11 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-10,20:34 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-10,20:37 ---------------------------------------------------------
      2008-03-10,20:37 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-10,20:37 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
      2008-03-10,20:37 Start Filter Device.
      2008-03-10,20:37 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-10,20:37 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-10,22:24 Update process started!
      2008-03-10,22:24 Current Engine Version: 7.6.0.73
      2008-03-10,22:24 Current Pattern File: 7.0.3.12 from 2008-03-10, 16:53
      2008-03-10,22:24 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-11,00:10 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-11,10:53 ---------------------------------------------------------
      2008-03-11,10:53 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-11,10:53 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.12
      2008-03-11,10:53 Start Filter Device.
      2008-03-11,10:53 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-11,10:53 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-11,13:29 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-11,13:47 ---------------------------------------------------------
      2008-03-11,13:47 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-11,13:47 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.12
      2008-03-11,13:47 Start Filter Device.
      2008-03-11,13:47 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-11,13:47 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-11,15:43 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-11,16:35 ---------------------------------------------------------
      2008-03-11,16:35 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-11,16:35 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.12
      2008-03-11,16:35 Start Filter Device.
      2008-03-11,16:35 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-11,16:35 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-11,17:15 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-11,18:32 ---------------------------------------------------------
      2008-03-11,18:32 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-11,18:32 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.12
      2008-03-11,18:32 Start Filter Device.
      2008-03-11,18:32 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-11,18:32 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-11,19:34 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-11,19:46 ---------------------------------------------------------
      2008-03-11,19:46 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-11,19:46 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.12
      2008-03-11,19:47 Start Filter Device.
      2008-03-11,19:47 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-11,19:47 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-11,21:29 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-11,21:32 ---------------------------------------------------------
      2008-03-11,21:32 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-11,21:32 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.12
      2008-03-11,21:32 Start Filter Device.
      2008-03-11,21:32 Avira AntiVir PersonalEdition Classic has been started successfully!
      2008-03-11,21:32 [CONFIG] On-Access configuration used:
      - Files to scan: scan files from local drives
      - Device mode: scan files on open, scan files on close
      - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
      .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
      - Unpack runtime compressed files
      - Actions: ask the user
      - Heuristic: MACRO , WIN32 MEDIUM
      - Logfile report level 1
      2008-03-11,21:36 Avira AntiVir PersonalEdition Classic service has been stopped!
      2008-03-11,21:41 ---------------------------------------------------------
      2008-03-11,21:41 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
      2008-03-11,21:41 AntiVir Guard version: 7.00.00.82,e
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    il me faudrait le rapport d'antivir qui donne le nom du fichier infécté car la ton rapport n'est pas bon!
    0
    1. rachdi
       
      bon le fichier est retourner je le mets enco en quarantaine ,mais j'ai fait un scan avec Antivir s'a donne de fichier ke j'ai supprimer voila rapport



      AntiVir PersonalEdition Classic
      Report file date: 2008-04-08 13:37

      Scanning for 1185187 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows XP
      Windows version: (Service Pack 2) [5.1.2600]
      Username: SYSTEM
      Computer name: UNICORNI-70B9B0

      Version information:
      BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
      AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 14:16:29
      AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 13:23:51
      LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 16:32:47
      LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 13:35:20
      ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 15:27:15
      ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 22:28:51
      ANTIVIR2.VDF : 7.0.3.127 649216 Bytes 2008-04-07 23:35:13
      ANTIVIR3.VDF : 7.0.3.130 10240 Bytes 2008-04-07 23:35:13
      AVEWIN32.DLL : 7.6.0.81 3424768 Bytes 2008-04-04 22:53:10
      AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 11:36:26
      AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 08:39:17
      AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 14:16:24
      AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-03-06 19:26:59
      AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 08:17:06
      AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 13:26:33
      AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 08:10:18
      NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 12:09:42
      RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 13:38:13
      RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 13:50:37
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 10:37:21

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: off
      Scan boot sector.................: on
      Boot sectors.....................: E:,
      Scan memory......................: on
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: off
      Scan all files...................: Intelligent file selection
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: medium

      Start of the scan: 2008-04-08 13:37

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'rsvp.exe' - '1' Module(s) have been scanned
      Scan process 'iexplore.exe' - '1' Module(s) have been scanned
      Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
      Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
      Scan process 'iexplore.exe' - '1' Module(s) have been scanned
      Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
      Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
      Scan process 'Ymsgr_tray.exe' - '1' Module(s) have been scanned
      Scan process 'dslmon.exe' - '1' Module(s) have been scanned
      Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
      Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
      Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
      Scan process 'SuperCopier.exe' - '1' Module(s) have been scanned
      Scan process 'vsnpstd.exe' - '1' Module(s) have been scanned
      Scan process 'avgas.exe' - '1' Module(s) have been scanned
      Scan process 'jucheck.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'jusched.exe' - '1' Module(s) have been scanned
      Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
      Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
      Scan process 'winampa.exe' - '1' Module(s) have been scanned
      Scan process 'realsched.exe' - '1' Module(s) have been scanned
      Scan process 'alg.exe' - '1' Module(s) have been scanned
      Scan process 'ADSL Autoconnect.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'MDM.EXE' - '1' Module(s) have been scanned
      Scan process 'guard.exe' - '1' Module(s) have been scanned
      Scan process 'sched.exe' - '1' Module(s) have been scanned
      Scan process 'avguard.exe' - '1' Module(s) have been scanned
      Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      43 processes with 43 modules were scanned

      Start scanning boot sectors:
      Boot sector 'C:\'
      [NOTE] No virus was found!
      Boot sector 'E:\'
      [NOTE] No virus was found!

      Starting to scan the registry.
      The registry was scanned ( '23' files ).


      Starting the file scan:

      Begin scan in 'C:\'
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      C:\System Volume Information\_restore{7E8852C9-9F7C-4927-9EDD-E1AE69608377}\RP51\A0025995.exe
      [0] Archive type: ZIP SFX (self extracting)
      --> AutoPlay/Docs/KYNG_MultiLoader_V1_10.exe
      [DETECTION] Is the Trojan horse TR/Agent.702496
      [INFO] The file was deleted!
      C:\System Volume Information\_restore{7E8852C9-9F7C-4927-9EDD-E1AE69608377}\RP51\A0026032.exe
      [0] Archive type: ZIP SFX (self extracting)
      --> AutoPlay/Docs/KYNG_MultiLoader_V1_10.exe
      [DETECTION] Is the Trojan horse TR/Agent.702496
      [INFO] The file was deleted!
      Begin scan in 'E:\' <Nouveau nom>


      End of the scan: 2008-04-08 15:25
      Used time: 1:48:20 min

      The scan has been done completely.

      11736 Scanning directories
      1095387 Files were scanned
      2 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      2 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
      1095385 Files not concerned
      6471 Archives were scanned
      1 Warnings
      0 Notes
      0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ha ok
    il est tout simplement dans ta restauration!!

    désactive la restauration système pour purger les virus qui sont dedans
    puis redemarre ton ordi

    puis réactive là : https://www.informatruc.com

    et voila tu n'en aura plus
    0
    1. rachdi
       
      oui je fais ce ke vous m'avez dis portant le fihier apparait encors pour la niem fois ,je le mets en quarantaine voila son raport:
      Exported events:

      2008-04-10 10:48 [Guard] Malware found
      Virus or unwanted program 'HTML/Infected.WebPage.Gen
      [HTML/Infected.WebPage.Gen]'
      detected in file 'C:\Documents and Settings\Administrateur\Local
      Settings\Temporary Internet Files\Content.IE5\0E05VN74\trace[1].htm.
      Action performed: Move file to quarantine
      0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\Documents and Settings\Administrateur\Local
    Settings\Temporary Internet Files\Content.IE5\0E05VN74\trace[1].htm

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:_OTMoveItMovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
    ____

    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    0
    1. rachdi
       
      voila raport


      ComboFix 08-04-10.4 - Administrateur 2008-04-10 21:58:20.1 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.282 [GMT 0:00]
      Endroit: C:\Documents and Settings\Administrateur\Bureau\KillBagle.exe
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))))))
      .

      2008-04-10 21:53 . 2008-04-10 21:53 <REP> d-------- C:\_OTMoveIt
      2008-04-07 15:22 . 2008-04-07 15:20 17,262 --a------ C:\rapor.html
      2008-04-07 14:22 . 2008-04-07 15:20 <REP> d-------- C:\WINDOWS\BDOSCAN8
      2008-04-07 10:57 . 2008-04-07 10:58 <REP> d-------- C:\HiJackThis
      2008-04-07 10:56 . 2008-04-07 10:56 318,369 --a------ C:\HiJackThis.zip
      2008-04-01 18:52 . 2008-04-10 19:53 <REP> d-------- C:\Documents and Settings\ab\Application Data\skypePM
      2008-04-01 18:50 . 2008-04-10 21:44 <REP> d-------- C:\Documents and Settings\ab\Application Data\Skype
      2008-03-24 14:58 . 2008-03-24 15:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\FreeCall
      2008-03-22 20:30 . 2008-03-22 20:30 <REP> d-------- C:\Documents and Settings\ab\Application Data\CyberLink
      2008-03-21 11:49 . 2008-04-10 21:38 <REP> d-------- C:\Documents and Settings\ab\Contacts
      2008-03-21 00:34 . 2007-12-17 14:23 <REP> d--h----- C:\Documents and Settings\ab\Voisinage r‚seau
      2008-03-21 00:34 . 2007-12-17 14:23 <REP> d--h----- C:\Documents and Settings\ab\Voisinage d'impression
      2008-03-21 00:34 . 2007-12-17 13:27 <REP> d--h----- C:\Documents and Settings\ab\ModŠles
      2008-03-21 00:34 . 2008-03-22 20:27 <REP> dr------- C:\Documents and Settings\ab\Mes documents
      2008-03-21 00:34 . 2007-12-17 14:23 <REP> dr------- C:\Documents and Settings\ab\Menu D‚marrer
      2008-03-21 00:34 . 2008-03-21 00:34 <REP> dr------- C:\Documents and Settings\ab\Favoris
      2008-03-21 00:34 . 2008-04-07 11:51 <REP> d-------- C:\Documents and Settings\ab\Bureau
      2008-03-21 00:34 . 2008-03-21 00:34 <REP> d-------- C:\Documents and Settings\ab\Application Data\Grisoft
      2008-03-20 23:39 . 2008-03-20 23:39 <REP> d-------- C:\Documents and Settings\mou\Application Data\Grisoft
      2008-03-20 23:38 . 2007-12-17 14:23 <REP> d--h----- C:\Documents and Settings\mou\Voisinage r‚seau
      2008-03-20 23:38 . 2007-12-17 14:23 <REP> d--h----- C:\Documents and Settings\mou\Voisinage d'impression
      2008-03-20 23:38 . 2007-12-17 13:27 <REP> d--h----- C:\Documents and Settings\mou\ModŠles
      2008-03-20 23:38 . 2008-03-20 23:39 <REP> dr------- C:\Documents and Settings\mou\Mes documents
      2008-03-20 23:38 . 2007-12-17 14:23 <REP> dr------- C:\Documents and Settings\mou\Menu D‚marrer
      2008-03-20 23:38 . 2008-03-20 23:39 <REP> dr------- C:\Documents and Settings\mou\Favoris
      2008-03-20 23:38 . 2008-03-21 00:26 <REP> d-------- C:\Documents and Settings\mou\Bureau
      2008-03-20 23:04 . 2008-03-22 10:55 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
      2008-03-17 22:35 . 2008-03-17 22:35 <REP> d-------- C:\Program Files\Fichiers communs\snpstd
      2008-03-17 22:35 . 2005-04-26 14:06 390,784 --a------ C:\WINDOWS\system32\drivers\snpstd.sys
      2008-03-17 22:35 . 2004-06-10 13:48 286,720 --a------ C:\WINDOWS\vsnpstd.exe
      2008-03-17 22:35 . 2005-04-20 17:34 61,440 --a------ C:\WINDOWS\system32\rsnpstd.dll
      2008-03-17 22:35 . 2004-02-16 13:59 61,440 --a------ C:\WINDOWS\system32\csnpstd.dll
      2008-03-17 22:35 . 2004-05-06 11:22 53,248 --a------ C:\WINDOWS\system32\dsnpstd.dll
      2008-03-17 22:35 . 2005-04-20 17:16 36,864 --a------ C:\WINDOWS\system32\vsnpstd.dll
      2008-03-17 22:35 . 2005-04-20 16:57 36,864 --a------ C:\WINDOWS\system32\dsnpstd.ax
      2008-03-17 22:35 . 2005-02-01 19:29 20,480 --a------ C:\WINDOWS\usnpstd.exe
      2008-03-17 22:35 . 2003-01-17 17:34 15,541 --a------ C:\WINDOWS\snpstd.ini
      2008-03-17 22:35 . 2003-01-17 17:35 13,023 --a------ C:\WINDOWS\snpstd.src
      2008-03-17 21:19 . 2008-03-17 21:19 <REP> d-------- C:\Program Files\Windows Media Connect 2
      2008-03-17 21:18 . 2008-03-19 16:19 <REP> d-------- C:\WINDOWS\system32\LogFiles
      2008-03-17 21:18 . 2008-03-17 21:18 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
      2008-03-17 20:43 . 2002-07-03 11:44 53,248 --a------ C:\WINDOWS\amcap.exe
      2008-03-13 15:53 . 2008-03-13 15:53 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ahead

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-17 22:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-03-17 22:35 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
      2008-03-07 22:40 --------- d-----w C:\Program Files\Trend Micro
      2008-03-06 20:15 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Grisoft
      2008-03-06 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-03-06 19:10 --------- d-----w C:\Program Files\Avira
      2008-03-06 19:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
      2008-03-06 12:26 --------- d-----w C:\Program Files\Uniblue
      2008-03-06 12:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Uniblue
      2008-03-06 00:13 --------- d-----w C:\Program Files\EasyPHP1-8
      2008-03-05 18:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-03-05 17:16 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-03-04 18:02 --------- d-----w C:\Program Files\Firebird
      2008-03-04 17:57 --------- d-----w C:\Program Files\FirebirdClient
      2008-03-02 10:58 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\HK-Software
      2008-03-02 10:57 --------- d-----w C:\Program Files\HK-Software
      2008-02-27 16:50 --------- d-----w C:\Program Files\Fichiers communs\Adobe
      2008-02-27 00:39 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Skype
      2008-02-27 00:00 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\skypePM
      2008-02-21 18:57 --------- d-----w C:\Program Files\CCleaner
      2008-02-20 16:19 --------- d-----w C:\Program Files\Windows Live
      2008-02-20 16:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-02-20 12:37 --------- d-----w C:\Program Files\Windows Live Safety Center
      2008-02-20 11:58 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\MSNInstaller
      2008-02-20 01:05 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
      2008-02-20 00:51 --------- d-----w C:\Program Files\Windows Live Toolbar
      2008-02-19 23:54 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
      2008-02-14 15:03 --------- d-----w C:\Program Files\DivX
      2008-02-10 13:45 --------- d-----w C:\Program Files\Webcam and Screen Recorder
      2008-01-10 13:43 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SuperCopier.exe"="C:\Program Files\SuperCopier\SuperCopier.exe" [2003-04-24 22:03 683520]
      "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-12 20:17 68856]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
      "Uniblue SpeedUpMyPC"="" []
      "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 16:00 1937408]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:54 15360]
      "FreeCall"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" [ ]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-17 13:47 185632]
      "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 00:50 33792]
      "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24 32768]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
      "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 09:55 155648]
      "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 09:51 118784]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36 36975]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
      "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-06 19:26 249896]
      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
      "snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48 286720]

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=
      "E:\\ancien\\tom_eclips_java_logiciel\\eclipse-SDK-3.3.1.1-win32\\eclipse\\eclipse.exe"=
      "C:\\WINDOWS\\system32\\javaw.exe"=
      "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
      "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
      "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "C:\\Program Files\\Firebird\\Firebird_2_0\\bin\\fbserver.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "1433:UDP"= 1433:UDP:Windows Media Format SDK (iexplore.exe)
      "1432:UDP"= 1432:UDP:Windows Media Format SDK (iexplore.exe)
      "1437:UDP"= 1437:UDP:Windows Media Format SDK (iexplore.exe)

      R2 ADSLAutoconnect;ADSLAutoconnect;"C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z []
      R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 17:20]
      S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 17:55]
      S3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe [2007-09-03 17:13]
      S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe [2007-09-03 17:13]
      S3 Tomcat6;Apache Tomcat;"C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe" //RS//Tomcat6 []


      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1E64BF9B-95A2-5C53-2627-5FEFF6CD0208}]
      C:\WINDOWS\system32\Bifrost\server.exe s
      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
      "2008-04-10 22:02:01 C:\WINDOWS\Tasks\Symantec NetDetect.job"
      - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
      "2008-04-05 12:10:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
      - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
      "2008-03-05 22:43:08 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
      - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
      .
      **************************************************************************

      catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-10 22:02:24
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Menara\dslmon.exe
      C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-04-10 22:05:35 - machine was rebooted [Administrateur]
      ComboFix-quarantined-files.txt 2008-04-10 22:05:28
      Pre-Run: 33,536,176,128 octets libres
      Post-Run: 33,474,560,000 octets libres
      .
      2008-03-18 13:44:16 --- E O F ---
      0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    désactive antivir le temps du scan navilog:

    télécharger sur le bureau
    Navilog.zip
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    = Double-Clic navilog1.zip
    = Extraire tout sur le bureau
    = Double-Clic navilog1 qui est sur le bureau
    = Appuyer sur une touche jusqu' arriver aux options
    = Choisir option 1

    un rapport : fixnavi.txt dans C : va se creer
    le copier/coller dans ton prochain message.
    0
  10. rachdi
     
    voila encors le fichier une nuovelle fois apparait ;mais avant l'excution de navilog
    Exported events:

    12/04/2008 00:50 [Guard] Malware found
    Virus or unwanted program 'HTML/Infected.WebPage.Gen
    [HTML/Infected.WebPage.Gen]'
    detected in file 'C:\Documents and Settings\Administrateur\Local
    Settings\Temporary Internet Files\Content.IE5\PCONYFQ1\trace[1].htm.
    Action performed: Move file to quarantine

    **************************************************
    pour le rapport de navilog le voila:

    Search Navipromo version 3.5.3 commencé le 12/04/2008 à 9:00:03,06

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "Administrateur"

    Mise à jour le 09.04.2008 à 20h00 par IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.13
    Système de fichiers : NTFS

    Executé en mode normal

    *** Recherche Programmes installés ***

    *** Recherche dossiers dans C:\WINDOWS ***

    *** Recherche dossiers dans C:\Program Files ***

    *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

    *** Recherche dossiers dans "C:\Documents and Settings\Administrateur\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Administrateur\menudm~1\progra~1" ***

    *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun Fichier trouvé

    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans C:\WINDOWS\system32 *

    * Recherche dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\ab\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\mou\locals~1\applic~1" *

    *** Recherche fichiers ***

    *** Recherche clés spécifiques dans le Registre ***

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :

    2)Recherche Heuristique :

    * Dans C:\WINDOWS\system32 :

    * Dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" :

    * Dans "C:\DOCUME~1\ab\locals~1\applic~1" :

    * Dans "C:\DOCUME~1\mou\locals~1\applic~1" :

    3)Recherche Certificats :

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche fichiers connus :

    *** Analyse terminée le 12/04/2008 à 9:03:31,48 ***
    0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    colle un antivir pour voir si encore infécté
    0
    1. rachdi
       
      AntiVir PersonalEdition Classic
      Report file date: samedi 12 avril 2008 10:19

      Scanning for 1193728 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows XP
      Windows version: (Service Pack 2) [5.1.2600]
      Username: SYSTEM
      Computer name: UNICORNI-70B9B0

      Version information:
      BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
      AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 14:16:29
      AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 13:23:51
      LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 16:32:47
      LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 13:35:20
      ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 15:27:15
      ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 22:28:51
      ANTIVIR2.VDF : 7.0.3.127 649216 Bytes 07/04/2008 23:35:13
      ANTIVIR3.VDF : 7.0.3.150 135168 Bytes 10/04/2008 23:36:25
      AVEWIN32.DLL : 7.6.0.84 3461632 Bytes 10/04/2008 23:36:25
      AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 11:36:26
      AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 08:39:17
      AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 14:16:24
      AVPACK32.DLL : 7.6.0.3 360488 Bytes 06/03/2008 19:26:59
      AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 08:17:06
      AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 13:26:33
      AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 08:10:18
      NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 12:09:42
      RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 13:38:13
      RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 13:50:37
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 10:37:21

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: off
      Scan boot sector.................: on
      Boot sectors.....................: E:,
      Scan memory......................: on
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: off
      Scan all files...................: Intelligent file selection
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: medium

      Start of the scan: samedi 12 avril 2008 10:19

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'iexplore.exe' - '1' Module(s) have been scanned
      Scan process 'iexplore.exe' - '1' Module(s) have been scanned
      Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
      Scan process 'Ymsgr_tray.exe' - '1' Module(s) have been scanned
      Scan process 'firefox.exe' - '1' Module(s) have been scanned
      Scan process 'ADSL Autoconnect.exe' - '1' Module(s) have been scanned
      Scan process 'iexplore.exe' - '1' Module(s) have been scanned
      Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
      Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
      Scan process 'dslmon.exe' - '1' Module(s) have been scanned
      Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
      Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
      Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
      Scan process 'SuperCopier.exe' - '1' Module(s) have been scanned
      Scan process 'vsnpstd.exe' - '1' Module(s) have been scanned
      Scan process 'avgas.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'jusched.exe' - '1' Module(s) have been scanned
      Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
      Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
      Scan process 'winampa.exe' - '1' Module(s) have been scanned
      Scan process 'realsched.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'alg.exe' - '1' Module(s) have been scanned
      Scan process 'ADSL Autoconnect.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'MDM.EXE' - '1' Module(s) have been scanned
      Scan process 'guard.exe' - '1' Module(s) have been scanned
      Scan process 'sched.exe' - '1' Module(s) have been scanned
      Scan process 'avguard.exe' - '1' Module(s) have been scanned
      Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      43 processes with 43 modules were scanned

      Start scanning boot sectors:
      Boot sector 'C:\'
      [NOTE] No virus was found!
      Boot sector 'E:\'
      [NOTE] No virus was found!

      Starting to scan the registry.
      The registry was scanned ( '23' files ).


      Starting the file scan:

      Begin scan in 'C:\'
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      C:\WINDOWS\system32\gnc.exe
      [WARNING] The file could not be opened!
      Begin scan in 'E:\' <Nouveau nom>


      End of the scan: samedi 12 avril 2008 12:30
      Used time: 2:10:28 min

      The scan has been done completely.

      11770 Scanning directories
      1082221 Files were scanned
      0 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
      1082221 Files not concerned
      6408 Archives were scanned
      2 Warnings
      0 Notes
      0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Peux-tu tester ceci : C:\WINDOWS\SYSTEM32\gnc.exe

    * Clique sur ce lien : http://www.virustotal.com/en/indexf.html
    * Clique sur parcourir et indique le chemin du fichier que j’ai désigné.
    * Clique sur send. Au bout de quelques minutes, un rapport est généré. Poste-le dans ta prochaine réponse.
    0
    1. rachdi
       
      le chemin ke vous avez indique ,C:\WINDOWS\SYSTEM32\gnc.exe
      ya pas de fichier gnc.exe,

      mais il existe sur C:\programefiles\Navilog1\gnc.exe

      koi jexcute pour ce chemain
      0
  13. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    desisntalle navilog de ton ordi via ton panneau de configuration !

    je pense que antivir considère navilog comme suspect, si tu l'enleve ce sera bon

    encore des soucis?
    0
    1. rachdi
       
      oui le probleme toujours la
      Exported events:

      14/04/2008 11:22 [Guard] Malware found
      Virus or unwanted program 'HTML/Infected.WebPage.Gen
      [HTML/Infected.WebPage.Gen]'
      detected in file 'C:\Documents and Settings\Administrateur\Local
      Settings\Temporary Internet Files\Content.IE5\0E05VN74\trace[1].htm.
      Action performed: Move file to quarantine
      0