Here is the AntiVir report from when it found the infection:
16/03/2008,08:52:40 ---------------------------------------------------------
16/03/2008,08:52:42 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
16/03/2008,08:52:42 AntiVir Guard version: 7.00.00.81,engine version 7.6.0.15,VDF version: 7.0.0.2
16/03/2008,08:52:43 Start Filter Device.
16/03/2008,08:52:43 Avira AntiVir PersonalEdition Classic has been started successfully!
16/03/2008,08:52:43 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF
.URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
16/03/2008,08:53:17 [CONFIG] On-Access configuration used:
16/03/2008,08:54:01 [CONFIG] On-Access configuration used:
16/03/2008,08:56:24 Avira AntiVir PersonalEdition Classic service has been stopped!
16/03/2008,08:56:31 ---------------------------------------------------------
16/03/2008,08:56:34 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
16/03/2008,08:56:34 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.31
16/03/2008,08:56:35 Start Filter Device.
16/03/2008,08:56:35 Avira AntiVir PersonalEdition Classic has been started successfully!
16/03/2008,08:56:35 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
16/03/2008,08:56:36 [CONFIG] On-Access configuration used:
16/03/2008,09:06:23 [WARNING] Is the Trojan horse TR/Crypt.XPACK.Gen!
C:\WINDOWS\system32\ozbowu.exe
16/03/2008,09:06:46 Avira AntiVir PersonalEdition Classic service has been stopped!
16/03/2008,17:43:53 ---------------------------------------------------------
16/03/2008,17:44:00 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
16/03/2008,17:44:00 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.31
16/03/2008,17:44:01 Start Filter Device.
16/03/2008,17:44:01 Avira AntiVir PersonalEdition Classic has been started successfully!
16/03/2008,17:44:01 [CONFIG] On-Access configuration used:
16/03/2008,17:45:18 [WARNING] Is the Trojan horse TR/Crypt.ULPM.Gen!
C:\Documents and Settings\Philippe\Local Settings\Temporary Internet Files\Content.IE5\UN9BVX6O\6736f989[1].exe
16/03/2008,17:45:18 [WARNING] Is the Trojan horse TR/Crypt.ULPM.Gen!
C:\Documents and Settings\Philippe\uprylo.exe
16/03/2008,17:45:18 [WARNING] Is the Trojan horse TR/Crypt.ULPM.Gen!
C:\Documents and Settings\Philippe\uprylo.exe
[INFO] The file will be deleted.
16/03/2008,17:47:10 Update process started!
16/03/2008,17:47:12 Current Engine Version: 7.6.0.73
16/03/2008,17:47:12 Current Pattern File: 7.0.3.33 from 16/03/2008, 16:26
16/03/2008,17:47:12 [CONFIG] On-Access configuration used:
16/03/2008,17:51:47 [WARNING] Is the Trojan horse TR/Crypt.ULPM.Gen!
C:\Documents and Settings\Philippe\jilcez.exe
16/03/2008,17:51:47 [WARNING] Is the Trojan horse TR/Crypt.ULPM.Gen!
C:\Documents and Settings\Philippe\Local Settings\Temporary Internet Files\Content.IE5\XXJVKR5W\6736f989[1].exe
[INFO] The file will be deleted.
16/03/2008,17:51:47 [WARNING] Is the Trojan horse TR/Crypt.ULPM.Gen!
C:\Documents and Settings\Philippe\jilcez.exe
[INFO] The file will be deleted.
16/03/2008,17:58:05 [CONFIG] On-Access configuration used:
16/03/2008,18:12:17 [WARNING] Is the Trojan horse TR/Crypt.XPACK.Gen!
C:\WINDOWS\system32\ozbowu.exe
16/03/2008,18:12:47 Avira AntiVir PersonalEdition Classic service has been stopped!
16/03/2008,18:13:48 ---------------------------------------------------------
16/03/2008,18:13:57 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
16/03/2008,18:13:57 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.33
16/03/2008,18:13:58 Start Filter Device.
16/03/2008,18:13:58 Avira AntiVir PersonalEdition Classic has been started successfully!
16/03/2008,18:13:58 [CONFIG] On-Access configuration used:
16/03/2008,20:42:34 [WARNING] Is the Trojan horse TR/Crypt.XPACK.Gen!
C:\WINDOWS\system32\ozbowu.exe
16/03/2008,20:42:38 [WARNING] Is the Trojan horse TR/Crypt.XPACK.Gen!
C:\WINDOWS\system32\ozbowu.exe
16/03/2008,20:43:02 Avira AntiVir PersonalEdition Classic service has been stopped!
17/03/2008,07:09:54 ---------------------------------------------------------
17/03/2008,07:09:58 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
17/03/2008,07:09:58 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.33
17/03/2008,07:09:59 Start Filter Device.
17/03/2008,07:09:59 Avira AntiVir PersonalEdition Classic has been started successfully!
17/03/2008,07:09:59 [CONFIG] On-Access configuration used:
17/03/2008,07:10:56 [WARNING] Is the Trojan horse TR/Crypt.ULPM.Gen!
C:\Documents and Settings\Philippe\xorkob.exe
17/03/2008,07:10:56 [WARNING] Is the Trojan horse TR/Crypt.ULPM.Gen!
C:\Documents and Settings\Philippe\Local Settings\Temporary Internet Files\Content.IE5\XXJVKR5W\6736f989[1].exe
[INFO] The file will be deleted.
17/03/2008,07:10:55 [WARNING] Is the Trojan horse TR/Crypt.ULPM.Gen!
C:\Documents and Settings\Philippe\xorkob.exe
17/03/2008,08:53:03 Update process started!
17/03/2008,08:53:05 Current Engine Version: 7.6.0.73
17/03/2008,08:53:05 Current Pattern File: 7.0.3.34 from 17/03/2008, 07:55
17/03/2008,08:53:05 [CONFIG] On-Access configuration used:
17/03/2008,23:35:20 Update process started!
17/03/2008,23:35:23 Current Engine Version: 7.6.0.73
17/03/2008,23:35:23 Current Pattern File: 7.0.3.41 from 17/03/2008, 16:32
17/03/2008,23:35:24 [CONFIG] On-Access configuration used:
17/03/2008,23:36:02 [CONFIG] On-Access configuration used:
17/03/2008,23:48:58 [WARNING] Is the Trojan horse TR/Crypt.XPACK.Gen!
C:\WINDOWS\system32\ozbowu.exe
17/03/2008,23:48:59 [WARNING] Is the Trojan horse TR/Crypt.XPACK.Gen!
C:\WINDOWS\system32\ozbowu.exe
17/03/2008,23:49:00 [WARNING] Is the Trojan horse TR/Crypt.XPACK.Gen!
C:\WINDOWS\system32\ozbowu.exe
17/03/2008,23:49:27 Avira AntiVir PersonalEdition Classic service has been stopped!
18/03/2008,07:36:48 ---------------------------------------------------------
18/03/2008,07:36:52 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
18/03/2008,07:36:52 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.41
18/03/2008,07:36:53 Start Filter Device.
18/03/2008,07:36:53 Avira AntiVir PersonalEdition Classic has been started successfully!
18/03/2008,07:36:53 [CONFIG] On-Access configuration used:
18/03/2008,07:43:06 Avira AntiVir PersonalEdition Classic service has been stopped!
18/03/2008,07:44:21 ---------------------------------------------------------
18/03/2008,07:44:24 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
18/03/2008,07:44:24 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.41
18/03/2008,07:44:25 Start Filter Device.
18/03/2008,07:44:26 Avira AntiVir PersonalEdition Classic has been started successfully!
18/03/2008,07:44:26 [CONFIG] On-Access configuration used:
18/03/2008,07:48:23 [WARNING] Is the Trojan horse TR/Crypt.XPACK.Gen!
C:\WINDOWS\system32\ozbowu.exe
18/03/2008,08:12:12 ---------------------------------------------------------
18/03/2008,08:12:15 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
18/03/2008,08:12:15 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.41
18/03/2008,08:12:16 Start Filter Device.
18/03/2008,08:12:16 Avira AntiVir PersonalEdition Classic has been started successfully!
18/03/2008,08:12:16 [CONFIG] On-Access configuration used:
18/03/2008,08:13:10 [WARNING] Is the Trojan horse TR/Crypt.ULPM.Gen!
C:\Documents and Settings\Philippe\iylyyb.exe
18/03/2008,08:13:10 [WARNING] Is the Trojan horse TR/Crypt.ULPM.Gen!
C:\Documents and Settings\Philippe\Local Settings\Temporary Internet Files\Content.IE5\XXJVKR5W\6736f989[1].exe
[INFO] The file will be deleted.
18/03/2008,08:13:10 [WARNING] Is the Trojan horse TR/Crypt.ULPM.Gen!
C:\Documents and Settings\Philippe\iylyyb.exe
18/03/2008,09:07:24 [CONFIG] On-Access configuration used:
18/03/2008,09:08:00 [WARNING] Is the Trojan horse TR/Crypt.ULPM.Gen!
C:\Documents and Settings\Philippe\Local Settings\Temporary Internet Files\Content.IE5\C3TX8T36\6736f989[1].exe
18/03/2008,09:08:00 [WARNING] Is the Trojan horse TR/Crypt.ULPM.Gen!
C:\Documents and Settings\Philippe\hqchyh.exe
18/03/2008,09:07:59 [WARNING] Is the Trojan horse TR/Crypt.ULPM.Gen!
C:\Documents and Settings\Philippe\hqchyh.exe
18/03/2008,09:15:00 [WARNING] Is the Trojan horse TR/Crypt.ULPM.Gen!
C:\Documents and Settings\Philippe\vnhsgu.exe
18/03/2008,09:15:00 [WARNING] Is the Trojan horse TR/Crypt.ULPM.Gen!
C:\Documents and Settings\Philippe\Local Settings\Temporary Internet Files\Content.IE5\XXJVKR5W\6736f989[1].exe
18/03/2008,09:14:59 [WARNING] Is the Trojan horse TR/Crypt.ULPM.Gen!
C:\Documents and Settings\Philippe\vnhsgu.exe
18/03/2008,15:12:07 [WARNING] Is the Trojan horse TR/Crypt.XPACK.Gen!
C:\WINDOWS\system32\ozbowu.exe
18/03/2008,15:11:56 [WARNING] Is the Trojan horse TR/Crypt.XPACK.Gen!
C:\WINDOWS\system32\ozbowu.exe
18/03/2008,15:16:20 [WARNING] Is the Trojan horse TR/Crypt.ULPM.Gen!
C:\WINDOWS\system32\hysmxv.exe
18/03/2008,15:16:20 [WARNING] Is the Trojan horse TR/Crypt.ULPM.Gen!
C:\Documents and Settings\Philippe\Local Settings\Temporary Internet Files\Content.IE5\XXJVKR5W\6736f989[1].exe
18/03/2008,15:16:20 [WARNING] Is the Trojan horse TR/Crypt.ULPM.Gen!
C:\WINDOWS\system32\hysmxv.exe
18/03/2008,17:01:11 Avira AntiVir PersonalEdition Classic service has been stopped!
18/03/2008,17:02:15 ---------------------------------------------------------
18/03/2008,17:02:18 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
18/03/2008,17:02:18 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.41
18/03/2008,17:02:19 Start Filter Device.
18/03/2008,17:02:19 Avira AntiVir PersonalEdition Classic has been started successfully!
18/03/2008,17:02:19 [CONFIG] On-Access configuration used:
18/03/2008,18:52:57 [WARNING] Is the Trojan horse TR/Crypt.XPACK.Gen!
C:\WINDOWS\system32\ozbowu.exe
18/03/2008,18:53:33 Avira AntiVir PersonalEdition Classic service has been stopped!
18/03/2008,19:08:46 ---------------------------------------------------------
18/03/2008,19:08:49 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
18/03/2008,19:08:49 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.41
18/03/2008,19:08:50 Start Filter Device.
18/03/2008,19:08:50 Avira AntiVir PersonalEdition Classic has been started successfully!
18/03/2008,19:08:50 [CONFIG] On-Access configuration used:
18/03/2008,19:54:12 [WARNING] Is the Trojan horse TR/Crypt.XPACK.Gen!
C:\WINDOWS\system32\ozbowu.exe
18/03/2008,19:54:18 [WARNING] Is the Trojan horse TR/Crypt.XPACK.Gen!
C:\WINDOWS\system32\ozbowu.exe
18/03/2008,20:56:01 Avira AntiVir PersonalEdition Classic service has been stopped!
18/03/2008,20:57:05 ---------------------------------------------------------
18/03/2008,20:57:09 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
18/03/2008,20:57:09 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.41
18/03/2008,20:57:10 Start Filter Device.
18/03/2008,20:57:10 Avira AntiVir PersonalEdition Classic has been started successfully!
18/03/2008,20:57:10 [CONFIG] On-Access configuration used:
18/03/2008,23:30:13 Avira AntiVir PersonalEdition Classic service has been stopped!
19/03/2008,06:12:09 ---------------------------------------------------------
19/03/2008,06:12:13 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
19/03/2008,06:12:13 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.41
19/03/2008,06:12:14 Start Filter Device.
19/03/2008,06:12:14 Avira AntiVir PersonalEdition Classic has been started successfully!
19/03/2008,06:12:14 [CONFIG] On-Access configuration used:
19/03/2008,06:18:28 Avira AntiVir PersonalEdition Classic service has been stopped!
19/03/2008,07:43:50 ---------------------------------------------------------
19/03/2008,07:43:53 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
19/03/2008,07:43:53 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.73,VDF version: 7.0.3.41
19/03/2008,07:43:54 Start Filter Device.
19/03/2008,07:43:55 Avira AntiVir PersonalEdition Classic has been started successfully!
19/03/2008,07:43:55 [CONFIG] On-Access configuration used:
19/03/2008,07:48:40 Update process started!
19/03/2008,07:48:44 Current Engine Version: 7.6.0.75
19/03/2008,07:48:44 Current Pattern File: 7.0.3.50 from 19/03/2008, 07:11
19/03/2008,07:48:44 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
19/03/2008,08:53:02 Update process started!
19/03/2008,08:53:04 Current Engine Version: 7.6.0.75
19/03/2008,08:53:04 Current Pattern File: 7.0.3.51 from 19/03/2008, 08:27
19/03/2008,08:53:04 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
19/03/2008,10:17:54 Avira AntiVir PersonalEdition Classic service has been stopped!
19/03/2008,22:47:34 ---------------------------------------------------------
19/03/2008,22:47:37 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
19/03/2008,22:47:37 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.75,VDF version: 7.0.3.51
19/03/2008,22:47:38 Start Filter Device.
19/03/2008,22:47:38 Avira AntiVir PersonalEdition Classic has been started successfully!
19/03/2008,22:47:38 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
19/03/2008,23:19:34 Avira AntiVir PersonalEdition Classic service has been stopped!
19/03/2008,23:20:33 ---------------------------------------------------------
19/03/2008,23:20:37 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
19/03/2008,23:20:37 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.75,VDF version: 7.0.3.51
19/03/2008,23:20:38 Start Filter Device.
19/03/2008,23:20:38 Avira AntiVir PersonalEdition Classic has been started successfully!
19/03/2008,23:20:38 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
20/03/2008,00:38:12 Avira AntiVir PersonalEdition Classic service has been stopped!
20/03/2008,11:01:12 ---------------------------------------------------------
20/03/2008,11:01:15 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version!
20/03/2008,11:01:15 AntiVir Guard version: 7.00.00.82,engine version 7.6.0.75,VDF version: 7.0.3.51
20/03/2008,11:01:17 Start Filter Device.
20/03/2008,11:01:17 Avira AntiVir PersonalEdition Classic has been started successfully!
20/03/2008,11:01:17 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
20/03/2008,11:03:43 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
20/03/2008,11:05:27 Update process started!
20/03/2008,11:05:29 Current Engine Version: 7.6.0.75
20/03/2008,11:05:29 Current Pattern File: 7.0.3.59 from 20/03/2008, 10:32
20/03/2008,11:05:30 [CONFIG] On-Access configuration used:
- Files to scan: scan files from local drives
- Device mode: scan files on open, scan files on close
- Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP
.TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP
- Unpack runtime compressed files
- Actions: ask the user
- Heuristic: MACRO , WIN32 MEDIUM
- Logfile report level 1
20/03/2008,12:03:34 [WARNING] Is the Trojan horse TR/Trash.Gen!
C:\System Volume Information\_restore{75A78811-67CB-44E9-8A11-CBE5A3BE447A}\RP2\A0000046.exe
20/03/2008,15:33:34 [WARNING] Is the Trojan horse TR/Trash.Gen!
C:\System Volume Information\_restore{75A78811-67CB-44E9-8A11-CBE5A3BE447A}\RP2\A0000046.exe
[INFO] The file will be deleted.