Retour de fichier detecte par avira

Fermé
rachdi - 2 avril 2008 à 19:45
 rachdi - 14 avril 2008 à 15:22
Bonjour,
mon fichier est appele trace[1].htm fichier d'internet emporaire,je le supprime mais apres 2 jour a 3,, avira le detecte encore et je le mets en quarantaine pour le supprimer ansi de suite mnt c'est la troixieme fois
et merci d'avance

12 réponses

jlpjlp Messages postés 51574 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 042
2 avril 2008 à 21:20
slt,


utilise pour supprimer tes traces

CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
-----------------------

puis colle un rapport antivir
0
ok merci je l'ai deja cclean,et je vais attendre deux jour ou trois pour voir si le fichier va retourner,car c'est supprime 3 fois par antivir
merci encors une fois
0
rachdi > rachdi
6 avril 2008 à 23:53
alors apres 3 jour le fichier est retournera,tjr même probleme
0
jlpjlp Messages postés 51574 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 042
7 avril 2008 à 09:21
colle un rapport antivir

et



colle un rapport hijackthis


http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
___________


AVG antispyware
https://www.01net.com/
http://free.grisoft.com/doc/download-free-anti-spyware/us/frt/0

Tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html


->Relance AVG AS -> "Analyse" ->"Paramètres"

Sous la question "Comment réagir ?" :

-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

Si un fichier est infecté en fin d'analyse

->Clique sur "Appliquer toutes les actions "

->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici
0
a savoir j 'ai fais encors une fois cclean hier mais cette matinée apres redemarage et lancement de klk site ce fichier infecté a apparait ,et je l'ai mets en quarantaine par antiVir;sachant ke Avira me donne just les choix ,quarantaine, acces deny,ignore,y'a pas delete,c'est pourkoi je le mets en quarantaine puis le supprime,maintenant et en quarantaine

voila les rapport demandé:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58, on 2008-04-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Menara\dslmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\HiJackThis\docteur.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{644FAE3A-EFF2-43EF-A59F-F8BB72CC3189}: NameServer = 196.217.246.211 212.217.0.13
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: Apache Tomcat (Tomcat6) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
0
jlpjlp Messages postés 51574 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 042
7 avril 2008 à 15:13
colle le rapport d'un scan en ligne
avec un des suivants:


bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

secuser en ligne :
http://www.secuser.com/outils/antivirus.htm
0
voila rapport:
c'est koi problem au just

BitDefender Online Scanner



Rapport d'analyse généré à: Mon, Apr 07, 2008 - 15:20:31





Voie d'analyse: A:\;C:\;D:\;E:\;







Statistiques

Temps
00:36:31

Fichiers
137477

Directoires
11722

Secteurs de boot
4

Archives
627

Paquets programmes
22136




Résultats

Virus identifiés
0

Fichiers infectés
0

Fichiers suspects
0

Avertissements
0

Désinfectés
0

Fichiers effacés
0




Info sur les moteurs

Définition virus
1128820

Version des moteurs
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Analyse des plugins
16

Archive des plugins
41

Unpack des plugins
7

E-mail plugins
6

Système plugins
5




Paramètres d'analyse

Première action
Désinfecté

Seconde Action
Supprimé

Heuristique
Oui

Acceptez les avertissements
Oui

Extensions analysées
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;

Excludez les extensions


Analyse d'emails
Oui

Analyse des Archives
Oui

Analyser paquets programmes
Oui

Analyse des fichiers
Oui

Analyse de boot
Oui




Fichier analysé
Statut

Aucun virus trouvé.
0
jlpjlp Messages postés 51574 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 042
7 avril 2008 à 17:53
ok rien

si antivir retrouve l'infection tu me collera le rapport avec le fichier infécté
0
je le mets en quarantaine je sois le supprime mnt
voila le rapport de antivir;

2008-03-06,19:11 ---------------------------------------------------------
2008-03-06,19:11 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-06,19:11 AntiVir Guard version: 7.00.00.81,engine version 7.6.0.15,VDF version: 7.0.0.2
2008-03-06,19:11 Start Filter Device.
2008-03-06,19:11 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-06,19:11 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF
.URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-06,19:26 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-06,19:27 ---------------------------------------------------------
2008-03-06,19:27 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-06,19:27 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
2008-03-06,19:27 Start Filter Device.
2008-03-06,19:27 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-06,19:27 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-06,19:27 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-06,20:14 ---------------------------------------------------------
2008-03-06,20:14 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-06,20:14 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
2008-03-06,20:14 Start Filter Device.
2008-03-06,20:14 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-06,20:14 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-06,21:49 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-06,23:07 ---------------------------------------------------------
2008-03-06,23:07 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-06,23:07 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
2008-03-06,23:08 Start Filter Device.
2008-03-06,23:08 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-06,23:08 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-07,01:29 [WARNING] Is the Trojan horse TR/Agent.702496!
C:\Documents and Settings\Administrateur\Local Settings\Temp\ir_ext_temp_0\AutoPlay\Docs\KYNG_MultiLoader_V1_10.exe
[INFO] The file will be deleted.
2008-03-07,01:29 [WARNING] Is the Trojan horse TR/Agent.702496!
C:\Documents and Settings\Administrateur\Local Settings\Temp\ir_ext_temp_0\AutoPlay\Docs\KYNG_MultiLoader_V1_10.exe
[INFO] The file will be deleted.
2008-03-07,01:33 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-07,10:57 ---------------------------------------------------------
2008-03-07,10:57 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-07,10:57 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
2008-03-07,10:57 Start Filter Device.
2008-03-07,10:57 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-07,10:57 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-07,12:28 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-07,14:00 ---------------------------------------------------------
2008-03-07,14:00 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-07,14:00 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
2008-03-07,14:00 Start Filter Device.
2008-03-07,14:00 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-07,14:00 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-07,14:06 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-07,15:43 ---------------------------------------------------------
2008-03-07,15:43 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-07,15:43 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
2008-03-07,15:43 Start Filter Device.
2008-03-07,15:43 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-07,15:43 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-07,16:15 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-07,16:58 ---------------------------------------------------------
2008-03-07,16:58 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-07,16:58 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
2008-03-07,16:58 Start Filter Device.
2008-03-07,16:58 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-07,16:58 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-07,17:28 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-07,17:34 ---------------------------------------------------------
2008-03-07,17:34 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-07,17:34 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
2008-03-07,17:34 Start Filter Device.
2008-03-07,17:34 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-07,17:34 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-07,17:34 [WARNING] Is the Trojan horse TR/Agent.702496!
C:\Documents and Settings\Administrateur\Local Settings\Temp\ir_ext_temp_0\AutoPlay\Docs\KYNG_MultiLoader_V1_10.exe
[INFO] The file will be deleted.
2008-03-07,17:34 [WARNING] Is the Trojan horse TR/Agent.702496!
C:\Documents and Settings\Administrateur\Local Settings\Temp\ir_ext_temp_0\AutoPlay\Docs\KYNG_MultiLoader_V1_10.exe
[INFO] The file will be deleted.
2008-03-07,18:47 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-07,22:20 ---------------------------------------------------------
2008-03-07,22:20 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-07,22:20 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
2008-03-07,22:20 Start Filter Device.
2008-03-07,22:20 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-07,22:20 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-07,22:22 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-07,22:47 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-07,22:48 ---------------------------------------------------------
2008-03-07,22:48 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-07,22:48 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
2008-03-07,22:48 Start Filter Device.
2008-03-07,22:48 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-07,22:48 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-07,23:23 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-07,23:24 ---------------------------------------------------------
2008-03-07,23:24 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-07,23:24 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
2008-03-07,23:24 Start Filter Device.
2008-03-07,23:24 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-07,23:24 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-08,01:39 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-08,12:00 ---------------------------------------------------------
2008-03-08,12:00 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-08,12:00 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
2008-03-08,12:00 Start Filter Device.
2008-03-08,12:00 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-08,12:00 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-08,14:30 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-08,14:48 ---------------------------------------------------------
2008-03-08,14:48 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-08,14:48 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
2008-03-08,14:48 Start Filter Device.
2008-03-08,14:48 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-08,14:48 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-08,18:57 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-08,18:58 ---------------------------------------------------------
2008-03-08,18:58 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-08,18:58 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
2008-03-08,18:58 Start Filter Device.
2008-03-08,18:58 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-08,18:58 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-08,20:32 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-08,21:41 ---------------------------------------------------------
2008-03-08,21:41 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-08,21:41 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.2.245
2008-03-08,21:41 Start Filter Device.
2008-03-08,21:41 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-08,21:41 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-08,22:28 Update process started!
2008-03-08,22:28 Current Engine Version: 7.6.0.73
2008-03-08,22:28 Current Pattern File: 7.0.3.5 from 2008-03-07, 16:39
2008-03-08,22:28 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-08,23:00 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-08,23:37 ---------------------------------------------------------
2008-03-08,23:37 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-08,23:37 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
2008-03-08,23:37 Start Filter Device.
2008-03-08,23:37 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-08,23:37 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-09,01:07 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-09,10:25 ---------------------------------------------------------
2008-03-09,10:26 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-09,10:26 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
2008-03-09,10:26 Start Filter Device.
2008-03-09,10:26 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-09,10:26 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-09,11:14 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-09,11:28 ---------------------------------------------------------
2008-03-09,11:28 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-09,11:28 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
2008-03-09,11:29 Start Filter Device.
2008-03-09,11:29 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-09,11:29 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-09,13:11 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-09,13:26 ---------------------------------------------------------
2008-03-09,13:26 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-09,13:26 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
2008-03-09,13:26 Start Filter Device.
2008-03-09,13:26 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-09,13:26 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-09,18:54 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-09,19:09 ---------------------------------------------------------
2008-03-09,19:09 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-09,19:09 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
2008-03-09,19:09 Start Filter Device.
2008-03-09,19:09 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-09,19:09 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-09,19:58 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-09,20:02 ---------------------------------------------------------
2008-03-09,20:02 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-09,20:02 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
2008-03-09,20:02 Start Filter Device.
2008-03-09,20:02 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-09,20:02 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-09,20:11 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-09,20:28 ---------------------------------------------------------
2008-03-09,20:28 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-09,20:28 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
2008-03-09,20:28 Start Filter Device.
2008-03-09,20:28 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-09,20:28 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-10,01:00 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-10,10:56 ---------------------------------------------------------
2008-03-10,10:56 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-10,10:56 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
2008-03-10,10:56 Start Filter Device.
2008-03-10,10:56 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-10,10:56 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-10,11:29 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-10,11:32 ---------------------------------------------------------
2008-03-10,11:32 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-10,11:32 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
2008-03-10,11:32 Start Filter Device.
2008-03-10,11:32 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-10,11:32 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-10,12:42 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-10,12:47 ---------------------------------------------------------
2008-03-10,12:47 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-10,12:47 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
2008-03-10,12:47 Start Filter Device.
2008-03-10,12:47 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-10,12:47 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-10,15:00 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-10,15:13 ---------------------------------------------------------
2008-03-10,15:13 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-10,15:13 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
2008-03-10,15:13 Start Filter Device.
2008-03-10,15:13 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-10,15:13 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-10,16:41 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-10,17:01 ---------------------------------------------------------
2008-03-10,17:01 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-10,17:01 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
2008-03-10,17:01 Start Filter Device.
2008-03-10,17:01 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-10,17:01 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-10,18:34 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-10,19:30 ---------------------------------------------------------
2008-03-10,19:30 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-10,19:30 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
2008-03-10,19:30 Start Filter Device.
2008-03-10,19:30 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-10,19:30 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-10,19:36 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-10,20:10 ---------------------------------------------------------
2008-03-10,20:11 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-10,20:11 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
2008-03-10,20:11 Start Filter Device.
2008-03-10,20:11 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-10,20:11 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-10,20:34 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-10,20:37 ---------------------------------------------------------
2008-03-10,20:37 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-10,20:37 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.5
2008-03-10,20:37 Start Filter Device.
2008-03-10,20:37 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-10,20:37 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-10,22:24 Update process started!
2008-03-10,22:24 Current Engine Version: 7.6.0.73
2008-03-10,22:24 Current Pattern File: 7.0.3.12 from 2008-03-10, 16:53
2008-03-10,22:24 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-11,00:10 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-11,10:53 ---------------------------------------------------------
2008-03-11,10:53 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-11,10:53 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.12
2008-03-11,10:53 Start Filter Device.
2008-03-11,10:53 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-11,10:53 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-11,13:29 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-11,13:47 ---------------------------------------------------------
2008-03-11,13:47 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-11,13:47 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.12
2008-03-11,13:47 Start Filter Device.
2008-03-11,13:47 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-11,13:47 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-11,15:43 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-11,16:35 ---------------------------------------------------------
2008-03-11,16:35 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-11,16:35 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.12
2008-03-11,16:35 Start Filter Device.
2008-03-11,16:35 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-11,16:35 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-11,17:15 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-11,18:32 ---------------------------------------------------------
2008-03-11,18:32 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-11,18:32 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.12
2008-03-11,18:32 Start Filter Device.
2008-03-11,18:32 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-11,18:32 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-11,19:34 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-11,19:46 ---------------------------------------------------------
2008-03-11,19:46 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-11,19:46 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.12
2008-03-11,19:47 Start Filter Device.
2008-03-11,19:47 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-11,19:47 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-11,21:29 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-11,21:32 ---------------------------------------------------------
2008-03-11,21:32 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-11,21:32 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.12
2008-03-11,21:32 Start Filter Device.
2008-03-11,21:32 Avira AntiVir PersonalEdition Classic has been started successfully!
2008-03-11,21:32 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
2008-03-11,21:36 Avira AntiVir PersonalEdition Classic service has been stopped!
2008-03-11,21:41 ---------------------------------------------------------
2008-03-11,21:41 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
2008-03-11,21:41 AntiVir Guard version: 7.00.00.82,e
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
jlpjlp Messages postés 51574 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 042
7 avril 2008 à 20:23
il me faudrait le rapport d'antivir qui donne le nom du fichier infécté car la ton rapport n'est pas bon!
0
bon le fichier est retourner je le mets enco en quarantaine ,mais j'ai fait un scan avec Antivir s'a donne de fichier ke j'ai supprimer voila rapport



AntiVir PersonalEdition Classic
Report file date: 2008-04-08 13:37

Scanning for 1185187 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: UNICORNI-70B9B0

Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 14:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 13:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 16:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 13:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 15:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 22:28:51
ANTIVIR2.VDF : 7.0.3.127 649216 Bytes 2008-04-07 23:35:13
ANTIVIR3.VDF : 7.0.3.130 10240 Bytes 2008-04-07 23:35:13
AVEWIN32.DLL : 7.6.0.81 3424768 Bytes 2008-04-04 22:53:10
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 11:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 08:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 14:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-03-06 19:26:59
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 08:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 13:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 08:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 12:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 13:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 13:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 10:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008-04-08 13:37

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'rsvp.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'Ymsgr_tray.exe' - '1' Module(s) have been scanned
Scan process 'dslmon.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'SuperCopier.exe' - '1' Module(s) have been scanned
Scan process 'vsnpstd.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ADSL Autoconnect.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '23' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{7E8852C9-9F7C-4927-9EDD-E1AE69608377}\RP51\A0025995.exe
[0] Archive type: ZIP SFX (self extracting)
--> AutoPlay/Docs/KYNG_MultiLoader_V1_10.exe
[DETECTION] Is the Trojan horse TR/Agent.702496
[INFO] The file was deleted!
C:\System Volume Information\_restore{7E8852C9-9F7C-4927-9EDD-E1AE69608377}\RP51\A0026032.exe
[0] Archive type: ZIP SFX (self extracting)
--> AutoPlay/Docs/KYNG_MultiLoader_V1_10.exe
[DETECTION] Is the Trojan horse TR/Agent.702496
[INFO] The file was deleted!
Begin scan in 'E:\' <Nouveau nom>


End of the scan: 2008-04-08 15:25
Used time: 1:48:20 min

The scan has been done completely.

11736 Scanning directories
1095387 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
1095385 Files not concerned
6471 Archives were scanned
1 Warnings
0 Notes
0
jlpjlp Messages postés 51574 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 042
8 avril 2008 à 20:29
ha ok
il est tout simplement dans ta restauration!!


désactive la restauration système pour purger les virus qui sont dedans
puis redemarre ton ordi

puis réactive là : https://www.informatruc.com











et voila tu n'en aura plus
0
oui je fais ce ke vous m'avez dis portant le fihier apparait encors pour la niem fois ,je le mets en quarantaine voila son raport:
Exported events:

2008-04-10 10:48 [Guard] Malware found
Virus or unwanted program 'HTML/Infected.WebPage.Gen
[HTML/Infected.WebPage.Gen]'
detected in file 'C:\Documents and Settings\Administrateur\Local
Settings\Temporary Internet Files\Content.IE5\0E05VN74\trace[1].htm.
Action performed: Move file to quarantine
0
jlpjlp Messages postés 51574 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 042
10 avril 2008 à 18:11
télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :


C:\Documents and Settings\Administrateur\Local
Settings\Temporary Internet Files\Content.IE5\0E05VN74\trace[1].htm

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:_OTMoveItMovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
____



Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
0
voila raport


ComboFix 08-04-10.4 - Administrateur 2008-04-10 21:58:20.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.282 [GMT 0:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\KillBagle.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))))))
.

2008-04-10 21:53 . 2008-04-10 21:53 <REP> d-------- C:\_OTMoveIt
2008-04-07 15:22 . 2008-04-07 15:20 17,262 --a------ C:\rapor.html
2008-04-07 14:22 . 2008-04-07 15:20 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-04-07 10:57 . 2008-04-07 10:58 <REP> d-------- C:\HiJackThis
2008-04-07 10:56 . 2008-04-07 10:56 318,369 --a------ C:\HiJackThis.zip
2008-04-01 18:52 . 2008-04-10 19:53 <REP> d-------- C:\Documents and Settings\ab\Application Data\skypePM
2008-04-01 18:50 . 2008-04-10 21:44 <REP> d-------- C:\Documents and Settings\ab\Application Data\Skype
2008-03-24 14:58 . 2008-03-24 15:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\FreeCall
2008-03-22 20:30 . 2008-03-22 20:30 <REP> d-------- C:\Documents and Settings\ab\Application Data\CyberLink
2008-03-21 11:49 . 2008-04-10 21:38 <REP> d-------- C:\Documents and Settings\ab\Contacts
2008-03-21 00:34 . 2007-12-17 14:23 <REP> d--h----- C:\Documents and Settings\ab\Voisinage r‚seau
2008-03-21 00:34 . 2007-12-17 14:23 <REP> d--h----- C:\Documents and Settings\ab\Voisinage d'impression
2008-03-21 00:34 . 2007-12-17 13:27 <REP> d--h----- C:\Documents and Settings\ab\ModŠles
2008-03-21 00:34 . 2008-03-22 20:27 <REP> dr------- C:\Documents and Settings\ab\Mes documents
2008-03-21 00:34 . 2007-12-17 14:23 <REP> dr------- C:\Documents and Settings\ab\Menu D‚marrer
2008-03-21 00:34 . 2008-03-21 00:34 <REP> dr------- C:\Documents and Settings\ab\Favoris
2008-03-21 00:34 . 2008-04-07 11:51 <REP> d-------- C:\Documents and Settings\ab\Bureau
2008-03-21 00:34 . 2008-03-21 00:34 <REP> d-------- C:\Documents and Settings\ab\Application Data\Grisoft
2008-03-20 23:39 . 2008-03-20 23:39 <REP> d-------- C:\Documents and Settings\mou\Application Data\Grisoft
2008-03-20 23:38 . 2007-12-17 14:23 <REP> d--h----- C:\Documents and Settings\mou\Voisinage r‚seau
2008-03-20 23:38 . 2007-12-17 14:23 <REP> d--h----- C:\Documents and Settings\mou\Voisinage d'impression
2008-03-20 23:38 . 2007-12-17 13:27 <REP> d--h----- C:\Documents and Settings\mou\ModŠles
2008-03-20 23:38 . 2008-03-20 23:39 <REP> dr------- C:\Documents and Settings\mou\Mes documents
2008-03-20 23:38 . 2007-12-17 14:23 <REP> dr------- C:\Documents and Settings\mou\Menu D‚marrer
2008-03-20 23:38 . 2008-03-20 23:39 <REP> dr------- C:\Documents and Settings\mou\Favoris
2008-03-20 23:38 . 2008-03-21 00:26 <REP> d-------- C:\Documents and Settings\mou\Bureau
2008-03-20 23:04 . 2008-03-22 10:55 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-03-17 22:35 . 2008-03-17 22:35 <REP> d-------- C:\Program Files\Fichiers communs\snpstd
2008-03-17 22:35 . 2005-04-26 14:06 390,784 --a------ C:\WINDOWS\system32\drivers\snpstd.sys
2008-03-17 22:35 . 2004-06-10 13:48 286,720 --a------ C:\WINDOWS\vsnpstd.exe
2008-03-17 22:35 . 2005-04-20 17:34 61,440 --a------ C:\WINDOWS\system32\rsnpstd.dll
2008-03-17 22:35 . 2004-02-16 13:59 61,440 --a------ C:\WINDOWS\system32\csnpstd.dll
2008-03-17 22:35 . 2004-05-06 11:22 53,248 --a------ C:\WINDOWS\system32\dsnpstd.dll
2008-03-17 22:35 . 2005-04-20 17:16 36,864 --a------ C:\WINDOWS\system32\vsnpstd.dll
2008-03-17 22:35 . 2005-04-20 16:57 36,864 --a------ C:\WINDOWS\system32\dsnpstd.ax
2008-03-17 22:35 . 2005-02-01 19:29 20,480 --a------ C:\WINDOWS\usnpstd.exe
2008-03-17 22:35 . 2003-01-17 17:34 15,541 --a------ C:\WINDOWS\snpstd.ini
2008-03-17 22:35 . 2003-01-17 17:35 13,023 --a------ C:\WINDOWS\snpstd.src
2008-03-17 21:19 . 2008-03-17 21:19 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-03-17 21:18 . 2008-03-19 16:19 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-03-17 21:18 . 2008-03-17 21:18 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-17 20:43 . 2002-07-03 11:44 53,248 --a------ C:\WINDOWS\amcap.exe
2008-03-13 15:53 . 2008-03-13 15:53 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ahead

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 22:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 22:35 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-07 22:40 --------- d-----w C:\Program Files\Trend Micro
2008-03-06 20:15 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Grisoft
2008-03-06 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-06 19:10 --------- d-----w C:\Program Files\Avira
2008-03-06 19:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-03-06 12:26 --------- d-----w C:\Program Files\Uniblue
2008-03-06 12:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Uniblue
2008-03-06 00:13 --------- d-----w C:\Program Files\EasyPHP1-8
2008-03-05 18:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-05 17:16 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-04 18:02 --------- d-----w C:\Program Files\Firebird
2008-03-04 17:57 --------- d-----w C:\Program Files\FirebirdClient
2008-03-02 10:58 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\HK-Software
2008-03-02 10:57 --------- d-----w C:\Program Files\HK-Software
2008-02-27 16:50 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-27 00:39 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Skype
2008-02-27 00:00 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\skypePM
2008-02-21 18:57 --------- d-----w C:\Program Files\CCleaner
2008-02-20 16:19 --------- d-----w C:\Program Files\Windows Live
2008-02-20 16:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-20 12:37 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-02-20 11:58 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\MSNInstaller
2008-02-20 01:05 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-20 00:51 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-02-19 23:54 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-14 15:03 --------- d-----w C:\Program Files\DivX
2008-02-10 13:45 --------- d-----w C:\Program Files\Webcam and Screen Recorder
2008-01-10 13:43 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier.exe"="C:\Program Files\SuperCopier\SuperCopier.exe" [2003-04-24 22:03 683520]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-12 20:17 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"Uniblue SpeedUpMyPC"="" []
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 16:00 1937408]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:54 15360]
"FreeCall"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-17 13:47 185632]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 00:50 33792]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 09:55 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 09:51 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36 36975]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-06 19:26 249896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48 286720]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=
"E:\\ancien\\tom_eclips_java_logiciel\\eclipse-SDK-3.3.1.1-win32\\eclipse\\eclipse.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Firebird\\Firebird_2_0\\bin\\fbserver.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1433:UDP"= 1433:UDP:Windows Media Format SDK (iexplore.exe)
"1432:UDP"= 1432:UDP:Windows Media Format SDK (iexplore.exe)
"1437:UDP"= 1437:UDP:Windows Media Format SDK (iexplore.exe)

R2 ADSLAutoconnect;ADSLAutoconnect;"C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z []
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 17:20]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 17:55]
S3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe [2007-09-03 17:13]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe [2007-09-03 17:13]
S3 Tomcat6;Apache Tomcat;"C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe" //RS//Tomcat6 []


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1E64BF9B-95A2-5C53-2627-5FEFF6CD0208}]
C:\WINDOWS\system32\Bifrost\server.exe s
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-10 22:02:01 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-04-05 12:10:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-03-05 22:43:08 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 22:02:24
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Menara\dslmon.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-10 22:05:35 - machine was rebooted [Administrateur]
ComboFix-quarantined-files.txt 2008-04-10 22:05:28
Pre-Run: 33,536,176,128 octets libres
Post-Run: 33,474,560,000 octets libres
.
2008-03-18 13:44:16 --- E O F ---
0
jlpjlp Messages postés 51574 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 042
11 avril 2008 à 09:51
désactive antivir le temps du scan navilog:

télécharger sur le bureau
Navilog.zip
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

= Double-Clic navilog1.zip
= Extraire tout sur le bureau
= Double-Clic navilog1 qui est sur le bureau
= Appuyer sur une touche jusqu' arriver aux options
= Choisir option 1

un rapport : fixnavi.txt dans C : va se creer
le copier/coller dans ton prochain message.
0
voila encors le fichier une nuovelle fois apparait ;mais avant l'excution de navilog
Exported events:

12/04/2008 00:50 [Guard] Malware found
Virus or unwanted program 'HTML/Infected.WebPage.Gen
[HTML/Infected.WebPage.Gen]'
detected in file 'C:\Documents and Settings\Administrateur\Local
Settings\Temporary Internet Files\Content.IE5\PCONYFQ1\trace[1].htm.
Action performed: Move file to quarantine

**************************************************
pour le rapport de navilog le voila:

Search Navipromo version 3.5.3 commencé le 12/04/2008 à 9:00:03,06

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Administrateur"

Mise à jour le 09.04.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\Administrateur\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\Administrateur\menudm~1\progra~1" ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ab\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\mou\locals~1\applic~1" *



*** Recherche fichiers ***




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :


* Dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ab\locals~1\applic~1" :


* Dans "C:\DOCUME~1\mou\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 12/04/2008 à 9:03:31,48 ***
0
jlpjlp Messages postés 51574 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 042
12 avril 2008 à 11:10
colle un antivir pour voir si encore infécté
0
AntiVir PersonalEdition Classic
Report file date: samedi 12 avril 2008 10:19

Scanning for 1193728 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: UNICORNI-70B9B0

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 14:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 13:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 16:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 13:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 15:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 22:28:51
ANTIVIR2.VDF : 7.0.3.127 649216 Bytes 07/04/2008 23:35:13
ANTIVIR3.VDF : 7.0.3.150 135168 Bytes 10/04/2008 23:36:25
AVEWIN32.DLL : 7.6.0.84 3461632 Bytes 10/04/2008 23:36:25
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 11:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 08:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 14:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 06/03/2008 19:26:59
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 08:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 13:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 08:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 12:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 13:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 13:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 10:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 12 avril 2008 10:19

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'Ymsgr_tray.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'ADSL Autoconnect.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'dslmon.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'SuperCopier.exe' - '1' Module(s) have been scanned
Scan process 'vsnpstd.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ADSL Autoconnect.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '23' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\gnc.exe
[WARNING] The file could not be opened!
Begin scan in 'E:\' <Nouveau nom>


End of the scan: samedi 12 avril 2008 12:30
Used time: 2:10:28 min

The scan has been done completely.

11770 Scanning directories
1082221 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
1082221 Files not concerned
6408 Archives were scanned
2 Warnings
0 Notes
0
jlpjlp Messages postés 51574 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 042
12 avril 2008 à 14:49
Peux-tu tester ceci : C:\WINDOWS\SYSTEM32\gnc.exe

* Clique sur ce lien : http://www.virustotal.com/en/indexf.html
* Clique sur parcourir et indique le chemin du fichier que j’ai désigné.
* Clique sur send. Au bout de quelques minutes, un rapport est généré. Poste-le dans ta prochaine réponse.
0
le chemin ke vous avez indique ,C:\WINDOWS\SYSTEM32\gnc.exe
ya pas de fichier gnc.exe,

mais il existe sur C:\programefiles\Navilog1\gnc.exe

koi jexcute pour ce chemain
0
jlpjlp Messages postés 51574 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 042
13 avril 2008 à 11:06
ok

desisntalle navilog de ton ordi via ton panneau de configuration !


je pense que antivir considère navilog comme suspect, si tu l'enleve ce sera bon



encore des soucis?
0
oui le probleme toujours la
Exported events:

14/04/2008 11:22 [Guard] Malware found
Virus or unwanted program 'HTML/Infected.WebPage.Gen
[HTML/Infected.WebPage.Gen]'
detected in file 'C:\Documents and Settings\Administrateur\Local
Settings\Temporary Internet Files\Content.IE5\0E05VN74\trace[1].htm.
Action performed: Move file to quarantine
0