creo que tengo un problema con virus restore (SOLUCIONADO)

[jomarico]

Hola, el 6 de marzo fue detectado por mi antivirus (antivir personal edition clasicc) un virus cuyo nombre era: netf.dll , posteriormente escanee el sistema y lo puse en cuarentena y después lo eliminé. Pero ahora últimamente me sale cada dos por tres (sobre todo creo que cuando estoy en internet) un mensaje del antivirus que dice: C:\System Volume Information\_restore{020BA62C-D529-4B96-BF7B-2E0D265179FD}\RP12\A0003933.dll y le doy a delete pero sigue saliendo y no logro eliminarlo ni tampoco se como hacerlo. Tengo el zonealarm pro instalado. Espero que me ayuden a solucionar el problema. Aquí os dejo un informe de lo que me ha salido desde que mi antivirus detectó el virus:

05/03/2006,21:44:58 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\WINDOWS\system32\netf.dll

05/03/2006,21:45:50 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\WINDOWS\SYSTEM32\NETF.DLL

05/03/2006,21:45:50 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\WINDOWS\SYSTEM32\NETF.DLL

[ERROR] Unable to delete the file:

0x00000005 - Acceso denegado.

05/03/2006,21:45:50 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\WINDOWS\SYSTEM32\NETF.DLL

[ERROR] Unable to delete the file:

0x00000005 - Acceso denegado.

05/03/2006,21:45:50 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\WINDOWS\SYSTEM32\NETF.DLL

05/03/2006,21:45:50 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\WINDOWS\SYSTEM32\NETF.DLL

05/03/2006,21:45:50 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\WINDOWS\SYSTEM32\NETF.DLL

[ERROR] Unable to delete the file:

0x00000005 - Acceso denegado.

05/03/2006,21:45:50 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\WINDOWS\SYSTEM32\NETF.DLL

05/03/2006,21:45:50 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\WINDOWS\SYSTEM32\NETF.DLL

05/03/2006,21:45:50 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\WINDOWS\SYSTEM32\NETF.DLL

[ERROR] Unable to move the file to the quarantine directory:

[ERROR] Move to quarantine: file cannot be deleted

05/03/2006,21:45:50 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\WINDOWS\SYSTEM32\NETF.DLL

[ERROR] Unable to move the file to the quarantine directory:

[ERROR] Move to quarantine: file cannot be deleted

05/03/2006,21:45:50 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\WINDOWS\SYSTEM32\NETF.DLL

[ERROR] Unable to delete the file:

0x00000005 - Acceso denegado.

05/03/2006,21:45:50 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\WINDOWS\SYSTEM32\NETF.DLL

05/03/2006,21:52:07 ---------------------------------------------------------

05/03/2006,21:52:10 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

05/03/2006,21:52:10 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.67

05/03/2006,21:52:11 Start Filter Device.

05/03/2006,21:52:11 Avira AntiVir PersonalEdition Classic has been started successfully!

05/03/2006,21:52:11 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

05/03/2006,21:52:12 [WARNING] Contains signature of the worm WORM/IRCBot.NW.88!

C:\WINDOWS\system32\nvsvcd.exe

05/03/2006,21:52:17 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\WINDOWS\system32\netf.dll

05/03/2006,21:52:48 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\WINDOWS\SYSTEM32\NETF.DLL

05/03/2006,21:56:02 ---------------------------------------------------------

05/03/2006,21:56:03 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

05/03/2006,21:56:03 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.67

05/03/2006,21:56:05 Start Filter Device.

05/03/2006,21:56:05 Avira AntiVir PersonalEdition Classic has been started successfully!

05/03/2006,21:56:05 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

05/03/2006,21:56:11 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\WINDOWS\system32\netf.dll

[ERROR] Unable to delete the file:

0x00000005 - Acceso denegado.

05/03/2006,21:56:06 [WARNING] Contains signature of the worm WORM/IRCBot.NW.88!

C:\WINDOWS\system32\nvsvcd.exe

[INFO] The file will be deleted.

05/03/2006,21:58:36 ---------------------------------------------------------

05/03/2006,21:58:38 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

05/03/2006,21:58:38 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.67

05/03/2006,21:58:40 Start Filter Device.

05/03/2006,21:58:40 Avira AntiVir PersonalEdition Classic has been started successfully!

05/03/2006,21:58:40 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

05/03/2006,21:59:20 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\WINDOWS\system32\netf.dll

[ERROR] Unable to move the file to the quarantine directory:

[ERROR] Move to quarantine: file cannot be deleted

05/03/2006,21:58:46 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\WINDOWS\system32\netf.dll

05/03/2006,22:02:02 ---------------------------------------------------------

05/03/2006,22:02:05 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

05/03/2006,22:02:05 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.67

05/03/2006,22:02:06 Start Filter Device.

05/03/2006,22:02:06 Avira AntiVir PersonalEdition Classic has been started successfully!

05/03/2006,22:02:06 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

05/03/2006,22:02:13 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\WINDOWS\system32\netf.dll

05/03/2006,22:08:06 ---------------------------------------------------------

05/03/2006,22:08:08 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

05/03/2006,22:08:08 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.67

05/03/2006,22:08:09 Start Filter Device.

05/03/2006,22:08:09 Avira AntiVir PersonalEdition Classic has been started successfully!

05/03/2006,22:08:09 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

05/03/2006,22:50:28 Stop Filter Device.

05/03/2006,22:51:06 ---------------------------------------------------------

05/03/2006,22:51:08 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

05/03/2006,22:51:08 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.67

05/03/2006,22:51:10 Start Filter Device.

05/03/2006,22:51:10 Avira AntiVir PersonalEdition Classic has been started successfully!

05/03/2006,22:51:11 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

05/03/2006,23:10:45 Stop Filter Device.

05/03/2006,23:11:01 Avira AntiVir PersonalEdition Classic service has been stopped!

05/03/2006,23:11:57 ---------------------------------------------------------

05/03/2006,23:11:58 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

05/03/2006,23:11:58 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.67

05/03/2006,23:12:00 Start Filter Device.

05/03/2006,23:12:00 Avira AntiVir PersonalEdition Classic has been started successfully!

05/03/2006,23:12:00 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

05/03/2006,23:31:18 Stop Filter Device.

05/03/2006,23:31:57 ---------------------------------------------------------

05/03/2006,23:31:58 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

05/03/2006,23:31:58 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.67

05/03/2006,23:32:00 Start Filter Device.

05/03/2006,23:32:00 Avira AntiVir PersonalEdition Classic has been started successfully!

05/03/2006,23:32:00 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

06/03/2006,2:45:56 Stop Filter Device.

06/03/2006,11:45:06 ---------------------------------------------------------

06/03/2006,11:45:08 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

06/03/2006,11:45:08 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.67

06/03/2006,11:45:10 Start Filter Device.

06/03/2006,11:45:10 Avira AntiVir PersonalEdition Classic has been started successfully!

06/03/2006,11:45:10 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

06/03/2006,15:59:39 ---------------------------------------------------------

06/03/2006,15:59:41 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

06/03/2006,15:59:41 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.67

06/03/2006,15:59:44 Start Filter Device.

06/03/2006,15:59:44 Avira AntiVir PersonalEdition Classic has been started successfully!

06/03/2006,15:59:44 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

06/03/2006,16:01:48 Stop Filter Device.

06/03/2006,17:24:02 ---------------------------------------------------------

06/03/2006,17:24:03 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

06/03/2006,17:24:03 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.67

06/03/2006,17:24:05 Start Filter Device.

06/03/2006,17:24:05 Avira AntiVir PersonalEdition Classic has been started successfully!

06/03/2006,17:24:05 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

06/03/2006,17:47:55 Stop Filter Device.

06/03/2006,17:48:33 ---------------------------------------------------------

06/03/2006,17:48:34 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

06/03/2006,17:48:34 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.67

06/03/2006,17:48:35 Start Filter Device.

06/03/2006,17:48:35 Avira AntiVir PersonalEdition Classic has been started successfully!

06/03/2006,17:48:36 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

06/03/2006,17:50:17 Stop Filter Device.

06/03/2006,17:50:33 Avira AntiVir PersonalEdition Classic service has been stopped!

06/03/2006,17:50:33 ---------------------------------------------------------

06/03/2006,17:50:34 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

06/03/2006,17:50:34 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.73

06/03/2006,17:50:35 Start Filter Device.

06/03/2006,17:50:35 Avira AntiVir PersonalEdition Classic has been started successfully!

06/03/2006,17:50:35 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

06/03/2006,18:23:16 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\System Volume Information\_restore{020BA62C-D529-4B96-BF7B-2E0D265179FD}\RP12\A0000849.dll

06/03/2006,19:16:48 Stop Filter Device.

06/03/2006,19:17:29 ---------------------------------------------------------

06/03/2006,19:17:30 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

06/03/2006,19:17:30 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.73

06/03/2006,19:17:32 Start Filter Device.

06/03/2006,19:17:32 Avira AntiVir PersonalEdition Classic has been started successfully!

06/03/2006,19:17:32 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

06/03/2006,19:37:29 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\System Volume Information\_restore{020BA62C-D529-4B96-BF7B-2E0D265179FD}\RP12\A0000849.dll

[INFO] The file will be moved to quarantine.

06/03/2006,21:12:32 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\System Volume Information\_restore{020BA62C-D529-4B96-BF7B-2E0D265179FD}\RP12\A0000933.dll

[INFO] The file will be moved to quarantine.

06/03/2006,21:35:23 Stop Filter Device.

06/03/2006,21:35:40 Avira AntiVir PersonalEdition Classic service has been stopped!

06/03/2006,21:35:40 ---------------------------------------------------------

06/03/2006,21:35:41 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

06/03/2006,21:35:41 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.74

06/03/2006,21:35:43 Start Filter Device.

06/03/2006,21:35:43 Avira AntiVir PersonalEdition Classic has been started successfully!

06/03/2006,21:35:43 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

06/03/2006,22:20:02 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\System Volume Information\_restore{020BA62C-D529-4B96-BF7B-2E0D265179FD}\RP12\A0001933.dll

[INFO] The file will be moved to quarantine.

06/03/2006,23:35:23 Stop Filter Device.

06/03/2006,23:36:01 ---------------------------------------------------------

06/03/2006,23:36:02 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

06/03/2006,23:36:02 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.74

06/03/2006,23:36:04 Start Filter Device.

06/03/2006,23:36:04 Avira AntiVir PersonalEdition Classic has been started successfully!

06/03/2006,23:36:04 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

06/03/2006,23:40:07 Stop Filter Device.

06/03/2006,23:40:24 Avira AntiVir PersonalEdition Classic service has been stopped!

06/03/2006,23:40:24 ---------------------------------------------------------

06/03/2006,23:40:25 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

06/03/2006,23:40:25 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.75

06/03/2006,23:40:26 Start Filter Device.

06/03/2006,23:40:26 Avira AntiVir PersonalEdition Classic has been started successfully!

06/03/2006,23:40:26 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

06/03/2006,23:43:49 Stop Filter Device.

06/03/2006,23:44:05 Avira AntiVir PersonalEdition Classic service has been stopped!

06/03/2006,23:44:57 ---------------------------------------------------------

06/03/2006,23:44:58 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

06/03/2006,23:44:58 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.75

06/03/2006,23:45:00 Start Filter Device.

06/03/2006,23:45:00 Avira AntiVir PersonalEdition Classic has been started successfully!

06/03/2006,23:45:00 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

07/03/2006,0:02:07 Stop Filter Device.

07/03/2006,0:02:44 ---------------------------------------------------------

07/03/2006,0:02:46 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

07/03/2006,0:02:46 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.75

07/03/2006,0:02:48 Start Filter Device.

07/03/2006,0:02:48 Avira AntiVir PersonalEdition Classic has been started successfully!

07/03/2006,0:02:48 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

07/03/2006,0:07:00 Stop Filter Device.

07/03/2006,0:07:16 Avira AntiVir PersonalEdition Classic service has been stopped!

07/03/2006,0:07:51 ---------------------------------------------------------

07/03/2006,0:07:53 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

07/03/2006,0:07:53 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.75

07/03/2006,0:07:54 Start Filter Device.

07/03/2006,0:07:54 Avira AntiVir PersonalEdition Classic has been started successfully!

07/03/2006,0:07:54 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

07/03/2006,0:12:06 Stop Filter Device.

07/03/2006,0:12:22 Avira AntiVir PersonalEdition Classic service has been stopped!

07/03/2006,0:14:09 ---------------------------------------------------------

07/03/2006,0:14:10 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

07/03/2006,0:14:10 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.75

07/03/2006,0:14:12 Start Filter Device.

07/03/2006,0:14:12 Avira AntiVir PersonalEdition Classic has been started successfully!

07/03/2006,0:14:12 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

07/03/2006,0:20:04 ---------------------------------------------------------

07/03/2006,0:20:05 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

07/03/2006,0:20:05 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.75

07/03/2006,0:20:06 Start Filter Device.

07/03/2006,0:20:06 Avira AntiVir PersonalEdition Classic has been started successfully!

07/03/2006,0:20:07 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

07/03/2006,0:22:02 Stop Filter Device.

07/03/2006,0:22:18 Avira AntiVir PersonalEdition Classic service has been stopped!

07/03/2006,0:24:06 ---------------------------------------------------------

07/03/2006,0:24:07 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

07/03/2006,0:24:07 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.75

07/03/2006,0:24:09 Start Filter Device.

07/03/2006,0:24:09 Avira AntiVir PersonalEdition Classic has been started successfully!

07/03/2006,0:24:09 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

07/03/2006,0:31:16 Stop Filter Device.

07/03/2006,0:31:55 ---------------------------------------------------------

07/03/2006,0:31:56 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

07/03/2006,0:31:56 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.75

07/03/2006,0:31:58 Start Filter Device.

07/03/2006,0:31:58 Avira AntiVir PersonalEdition Classic has been started successfully!

07/03/2006,0:31:58 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

07/03/2006,0:37:49 Stop Filter Device.

07/03/2006,0:38:05 Avira AntiVir PersonalEdition Classic service has been stopped!

07/03/2006,0:39:21 ---------------------------------------------------------

07/03/2006,0:39:21 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

07/03/2006,0:39:21 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.75

07/03/2006,0:39:23 Start Filter Device.

07/03/2006,0:39:23 Avira AntiVir PersonalEdition Classic has been started successfully!

07/03/2006,0:39:23 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

07/03/2006,1:04:30 Stop Filter Device.

07/03/2006,1:05:29 ---------------------------------------------------------

07/03/2006,1:05:34 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

07/03/2006,1:05:34 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.75

07/03/2006,1:05:35 Start Filter Device.

07/03/2006,1:05:36 Avira AntiVir PersonalEdition Classic has been started successfully!

07/03/2006,1:05:36 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

07/03/2006,1:47:56 Stop Filter Device.

07/03/2006,13:17:37 ---------------------------------------------------------

07/03/2006,13:17:39 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

07/03/2006,13:17:39 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.75

07/03/2006,13:17:41 Start Filter Device.

07/03/2006,13:17:41 Avira AntiVir PersonalEdition Classic has been started successfully!

07/03/2006,13:17:41 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

07/03/2006,13:19:49 Stop Filter Device.

07/03/2006,13:20:05 Avira AntiVir PersonalEdition Classic service has been stopped!

07/03/2006,13:20:06 ---------------------------------------------------------

07/03/2006,13:20:06 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

07/03/2006,13:20:06 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.78

07/03/2006,13:20:08 Start Filter Device.

07/03/2006,13:20:08 Avira AntiVir PersonalEdition Classic has been started successfully!

07/03/2006,13:20:08 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

07/03/2006,13:25:40 Stop Filter Device.

07/03/2006,16:59:38 ---------------------------------------------------------

07/03/2006,16:59:39 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

07/03/2006,16:59:39 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.78

07/03/2006,16:59:41 Start Filter Device.

07/03/2006,16:59:41 Avira AntiVir PersonalEdition Classic has been started successfully!

07/03/2006,16:59:41 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

07/03/2006,17:05:03 Stop Filter Device.

07/03/2006,17:05:19 Avira AntiVir PersonalEdition Classic service has been stopped!

07/03/2006,17:07:54 ---------------------------------------------------------

07/03/2006,17:07:55 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

07/03/2006,17:07:55 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.78

07/03/2006,17:07:57 Start Filter Device.

07/03/2006,17:07:57 Avira AntiVir PersonalEdition Classic has been started successfully!

07/03/2006,17:07:57 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

07/03/2006,17:11:12 ---------------------------------------------------------

07/03/2006,17:11:16 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

07/03/2006,17:11:16 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.78

07/03/2006,17:11:17 Start Filter Device.

07/03/2006,17:11:17 Avira AntiVir PersonalEdition Classic has been started successfully!

07/03/2006,17:11:17 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

07/03/2006,17:13:14 Stop Filter Device.

07/03/2006,17:13:30 Avira AntiVir PersonalEdition Classic service has been stopped!

07/03/2006,17:16:15 ---------------------------------------------------------

07/03/2006,17:16:16 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

07/03/2006,17:16:16 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.78

07/03/2006,17:16:18 Start Filter Device.

07/03/2006,17:16:18 Avira AntiVir PersonalEdition Classic has been started successfully!

07/03/2006,17:16:18 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

07/03/2006,17:54:14 Stop Filter Device.

07/03/2006,17:54:52 ---------------------------------------------------------

07/03/2006,17:54:54 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

07/03/2006,17:54:54 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.78

07/03/2006,17:54:56 Start Filter Device.

07/03/2006,17:54:56 Avira AntiVir PersonalEdition Classic has been started successfully!

07/03/2006,17:54:56 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

07/03/2006,19:21:39 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\System Volume Information\_restore{020BA62C-D529-4B96-BF7B-2E0D265179FD}\RP12\A0002933.dll

[INFO] The file will be moved to quarantine.

07/03/2006,22:22:19 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\System Volume Information\_restore{020BA62C-D529-4B96-BF7B-2E0D265179FD}\RP12\A0003933.dll

07/03/2006,23:10:28 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\System Volume Information\_restore{020BA62C-D529-4B96-BF7B-2E0D265179FD}\RP12\A0003933.dll

07/03/2006,23:32:46 Stop Filter Device.

07/03/2006,23:33:26 ---------------------------------------------------------

07/03/2006,23:33:29 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

07/03/2006,23:33:29 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.33.1.78

07/03/2006,23:33:31 Start Filter Device.

07/03/2006,23:33:31 Avira AntiVir PersonalEdition Classic has been started successfully!

07/03/2006,23:33:31 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

08/03/2006,0:16:01 Stop Filter Device.

08/03/2006,0:16:17 Avira AntiVir PersonalEdition Classic service has been stopped!

08/03/2006,0:16:17 ---------------------------------------------------------

08/03/2006,0:16:18 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

08/03/2006,0:16:18 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.34.0.14

08/03/2006,0:16:20 Start Filter Device.

08/03/2006,0:16:20 Avira AntiVir PersonalEdition Classic has been started successfully!

08/03/2006,0:16:20 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

08/03/2006,2:24:51 Stop Filter Device.

08/03/2006,14:47:58 ---------------------------------------------------------

08/03/2006,14:48:02 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

08/03/2006,14:48:02 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.34.0.14

08/03/2006,14:48:04 Start Filter Device.

08/03/2006,14:48:04 Avira AntiVir PersonalEdition Classic has been started successfully!

08/03/2006,14:48:04 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

08/03/2006,14:49:35 Stop Filter Device.

08/03/2006,14:49:51 Avira AntiVir PersonalEdition Classic service has been stopped!

08/03/2006,14:49:51 ---------------------------------------------------------

08/03/2006,14:49:52 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!

08/03/2006,14:49:52 AntiVirService Version: 7.00.00.21 AVE Version 6.33.0.38 VDF Version: 6.34.0.16

08/03/2006,14:49:53 Start Filter Device.

08/03/2006,14:49:53 Avira AntiVir PersonalEdition Classic has been started successfully!

08/03/2006,14:49:53 [CONFIG] On-Access configuration used:

- Files to scan: scan files from local drives

- Device mode: scan files on open, scan files on close

- Scan only files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL

.VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

- Unpack runtime compressed files

- Actions: ask the user

- Heuristic: MACRO

- Logfile report level 1

08/03/2006,15:05:54 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\System Volume Information\_restore{020BA62C-D529-4B96-BF7B-2E0D265179FD}\RP12\A0003933.dll

08/03/2006,16:04:01 [WARNING] Contains signature of the worm WORM/IRCBot.NW.85!

C:\System Volume Information\_restore{020BA62C-D529-4B96-BF7B-2E0D265179FD}\RP12\A0003933.dll

[INFO] The file will be deleted.

[msc hotline sat]

Probablemente el fichero que detectó infectado correspondía a:



C:\WINDOWS\system32\netf.dll -> Backdoor.IRCBot.nw



El problema es que no arranca adecuadamente para eliminarlo, debe hacerse EN MODO SEGURO Y DESACTIVANDO LA RESTAURACION DE SISTEMA:



https://foros.zonavirus.com/viewtopic.php?t=5266



Sino, o bien por estar en uso o por estar en el RESTORE o por las dos cosas juntas, eindows no lo permitiria



SI tiene algun problema en eliminacion de virus o spywares, recuerde nuestros tutoriales:



TUTORIAL ANTIVIRUS

https://foros.zonavirus.com/viewtopic.php?t=5370



TUTORIAL ANTISPYWARE

https://foros.zonavirus.com/viewtopic.php?t=4795



saludos



ms, 9-3-2006

[jomarico]

Gracias, de verdad, sois geniales. He desactivado restaurar sistema y he iniciado en modo seguro; ya no me aparece ningún mensaje de infección en restore. En cuanto a lo que me dices del spyboots y spyhadware, como ya comenté, tengo el zone alarm pro que trae el antiespias, creo que debería bastar, sino es así, espero me lo indiques. Gracias.

[msc hotline sat]

Pues nos alegrmos de ello, y solucionado el problema, procedemos a cerrar el tema



saludos



ms, 9-3-2006

[msc hotline sat]

NOTA POSTCIERRE:



Al haber solucionado otro Tema similar gracias a la creacion de la nueva verision del ELITRIIP.EXE, pasamos a informar de que con este Tema conviene que la pruebe:



---v1.97---(17 de Marzo del 2006) (Muestra de BackDoor.CMQ "NVSVCD.EXE")



dado que tenia una clave con un servicio que utilizaba el NVSVCD.EXE, señal de que tiene o ha tenido el virus en cuestion, por lo que le sugerimos qye descargue la ultima version del ELITRIIP y la pruebe:





ELITRIIP:

http://www.zonavirus.com/descargas/elitriip.asp



saludos



ms, 17-3-2006