This report
BitDefender QuickScan Beta 0.9.4.0 - Apr 30 2009, 19:57:49
----------------------------------------------------------------
Scan date/time: Wed May 06 23:02:28 2009
Machine Id: 5048D83C
Processes
----------
<unsigned> Antivirus Engine Service 1560 C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
<unsigned> Antivirus Scheduler 1308 C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
<unsigned> RichVideo Module 1636 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
<unsigned> IAPro.exe 2532 H:\Internet Antivirus Pro\IAPro.exe
<verified> Machine Debug Manager 1596 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
<verified> WLLoginProxy.exe 2932 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
<verified> RealNetworks Scheduler 2436 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
<verified> Internet Explorer 532 C:\Program Files\internet explorer\iexplore.exe
<verified> Internet Explorer 2912 C:\Program Files\internet explorer\iexplore.exe
<verified> Messenger 2452 C:\Program Files\MSN Messenger\msnmsgr.exe
<verified> Messenger Sharing USN Journal Reader Service 3888 C:\Program Files\MSN Messenger\usnsvc.exe
<verified> Windows Explorer 540 C:\WINDOWS\explorer.exe
<verified> Application Layer Gateway Service 340 C:\WINDOWS\System32\alg.exe
<verified> Client Server Runtime Process 672 C:\WINDOWS\system32\csrss.exe
<verified> LSA Shell (Export Version) 752 C:\WINDOWS\system32\lsass.exe
<verified> Paint 3588 C:\WINDOWS\system32\mspaint.exe
<verified> Services and Controller app 740 C:\WINDOWS\system32\services.exe
<verified> Windows NT Session Manager 620 C:\WINDOWS\System32\smss.exe
<verified> Spooler SubSystem App 1240 C:\WINDOWS\system32\spoolsv.exe
<verified> Generic Host Process for Win32 Services 920 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 996 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 1036 C:\WINDOWS\System32\svchost.exe
<verified> Generic Host Process for Win32 Services 1128 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 1176 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 1700 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 2672 C:\WINDOWS\System32\svchost.exe
<verified> Generic Host Process for Win32 Services 3672 C:\WINDOWS\system32\svchost.exe
<verified> Windows NT Logon Application 696 C:\WINDOWS\system32\winlogon.exe
Autoruns and critical files
---------------------------
c:\program files\common files\real\update_ob\realsched.exe
c:\program files\msn messenger\msnmsgr.exe
c:\windows\system32\crypt32.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\igfxdev.dll
c:\windows\system32\logonui.exe
c:\windows\system32\mswsock.dll
c:\windows\system32\nwprovau.dll
c:\windows\system32\rsvpsp.dll
c:\windows\system32\sclgntfy.dll
c:\windows\system32\wgalogon.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wlnotify.dll
h:\internet antivirus pro\iapro.exe
Browser plugins
---------------
c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
c:\program files\java\jre1.6.0_01\bin\ssv.dll
c:\program files\real\realplayer\netscape6\nppl3260.dll
c:\program files\real\realplayer\netscape6\nprjplug.dll
c:\program files\real\realplayer\netscape6\nprpjplug.dll
c:\program files\real\realplayer\rpbrowserrecordplugin.dll
c:\program files\real\rhapsodyplayerengine\nprhapengine.dll
c:\program files\yahoo!\shared\npystate.dll
c:\windows\downloaded program files\activeqscan.ocx
c:\windows\downloaded program files\fp_ax_cab_installer.exe
c:\windows\system32\macromed\flash\npswf32.dll
c:\windows\system32\shdocvw.dll
Missing files
-------------
File not found: C:\Documents and Settings\ASD\ASD.exe /i
referenced in: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"ASD"
D:\autorun.inf executes D:\zpharaoh.exe
E:\autorun.inf executes E:\zpharaoh.exe
H:\autorun.inf executes H:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013\md32.exe
Scan
----
C:\windows\system32\wsnpoema.exe - could not be scanned
C:\windows\system32\wsnpoema\video.dll - could not be scanned
The following files must be uploaded for server-side scanning:
H:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013\md32.exe
Upload canceled by user.
No file uploaded.
Found 7 infected items!
c:\windows\system32\citsfel.dll - Trojan.Dropper.SZM
C:\WINDOWS\system32\svchost.exe:ext.exe - Gen:Trojan.Heur.P20708FDFDF
C:\WINDOWS\system32\drivers\wsnpoem.sys - Backdoor.Kollah.E
D:\autorun.inf - Trojan.Autorun.QR
D:\zpharaoh.exe - Win32.Worm.Mabezat.J
E:\autorun.inf - Trojan.Autorun.QR
E:\zpharaoh.exe - Win32.Worm.Mabezat.J
Process svchost.exe (1036) - is affected by Trojan.Dropper.SZM
