BitDefender QuickScan Beta v0.9.4.7
-----------------------------------
Scan date: Tue Jul 14 20:43:55 2009
Machine ID: F8C59EEF
Found 2 infected items!
------------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\13.exe - Trojan.Generic.2093831
C:\Documents and Settings\سمر\Start Menu\Programs\Startup\13.exe - Trojan.Generic.2093831
Processes
---------
<unsigned> RichVideo Module 1672 C:\Program Files\CyberLink\Shared files\RichVideo.exe
<unsigned> Bluetooth Application 10320 C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
<unsigned> BTNtService.exe 1544 C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
<unsigned> WDelMgr20.exe 1740 C:\WINDOWS\system32\drivers\WDelMgr20.exe
<verified> Internet Explorer 428 C:\Program Files\Internet Explorer\IEXPLORE.EXE
<verified> Internet Explorer 816 C:\Program Files\Internet Explorer\IEXPLORE.EXE
<verified> Internet Explorer 1084 C:\Program Files\Internet Explorer\IEXPLORE.EXE
<verified> Internet Explorer 12896 C:\Program Files\internet explorer\iexplore.exe
<verified> Windows Live Messenger 544 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
<verified> Windows Live Messenger 3180 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
<verified> Windows Explorer 600 C:\WINDOWS\Explorer.EXE
<verified> Application Layer Gateway Service 1968 C:\WINDOWS\System32\alg.exe
<verified> Client Server Runtime Process 680 C:\WINDOWS\system32\csrss.exe
<verified> CTF Loader 524 C:\WINDOWS\system32\ctfmon.exe
<verified> LSA Shell (Export Version) 772 C:\WINDOWS\system32\lsass.exe
<verified> Services and Controller app 760 C:\WINDOWS\system32\services.exe
<verified> Windows NT Session Manager 464 C:\WINDOWS\System32\smss.exe
<verified> Spooler SubSystem App 1440 C:\WINDOWS\system32\spoolsv.exe
<verified> Generic Host Process for Win32 Services 920 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 964 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 996 C:\WINDOWS\System32\svchost.exe
<verified> Generic Host Process for Win32 Services 1044 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 1188 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 1556 C:\WINDOWS\system32\svchost.exe
<verified> Windows NT Logon Application 716 C:\WINDOWS\system32\winlogon.exe
Autoruns and critical files
---------------------------
<unsigned> Onatw tenm ofoira option pedsea C:\Documents and Settings\All Users\Application Data\BONE ABOUT BOOK BOWS\Axis Second.exe
<unsigned> 13.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\13.exe
<unsigned> Sce witsod at thicled C:\Documents and Settings\سمر\Application Data\WEBSAFESOFT\poptraybore.exe
<unsigned> Arrang abri rso c:\Documents and Settings\سمر\Application Data\WEBSAFESOFT\Soap Hope Mp3.exe
<unsigned> 13.exe C:\Documents and Settings\سمر\Start Menu\Programs\Startup\13.exe
<verified> Windows Live Messenger C:\Program Files\Windows Live\Messenger\msnmsgr.exe
<verified> Crypto API32 C:\WINDOWS\system32\CRYPT32.dll
<verified> Crypto Network Related API C:\WINDOWS\system32\CRYPTNET.dll
<verified> Offline Network Agent C:\WINDOWS\system32\cscdll.dll
<verified> CTF Loader C:\WINDOWS\system32\ctfmon.exe
<verified> Windows Logon UI C:\WINDOWS\system32\logonui.exe
<verified> Microsoft Windows Sockets 2.0 Service Provider C:\WINDOWS\System32\mswsock.dll
<verified> Microsoft Windows Rsvp 1.0 Service Provider C:\WINDOWS\system32\rsvpsp.dll
<verified> Secondary Logon Service Notification DLL C:\WINDOWS\system32\sclgntfy.dll
<verified> Windows Genuine Advantage Notification C:\WINDOWS\system32\WgaLogon.dll
<verified> LDAP RnR Provider DLL C:\WINDOWS\System32\winrnr.dll
<verified> Common DLL to receive Winlogon notifications C:\WINDOWS\system32\WlNotify.dll
<verified> Windows Sockets Helper DLL C:\WINDOWS\system32\wshbth.dll
Browser plugins
---------------
<verified> Adobe PDF Helper for Internet Explorer c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
<verified> WindowsLiveLogin.dll c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
<verified> Java(TM) Platform SE binary c:\program files\java\jre1.6.0\bin\ssv.dll
<verified> Windows Messenger C:\Program Files\Messenger\msmsgs.exe
<verified> GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
<verified> Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> Rhapsody Player Engine Plugin C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
<verified> SweetIM Toolbar for Internet Explorer c:\program files\sweetim\toolbars\internet explorer\mgtoolbarie.dll
<verified> BitDefender QuickScan Client ActiveX C:\WINDOWS\Downloaded Program Files\ActiveQscan.ocx
<verified> Adobe® Flash® Player ActiveX Installer C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
<verified> Zone.com Stats Client for MSN Messenger C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
<verified> Network Diagnostic for Windows XP C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
<verified> Internet Explorer C:\WINDOWS\system32\ieframe.dll
Scan
----
The following file(s) must be uploaded for server-side scanning:
c:\Documents and Settings\سمر\Application Data\WEBSAFESOFT\Soap Hope Mp3.exe
C:\Documents and Settings\سمر\Application Data\WEBSAFESOFT\poptraybore.exe
C:\Documents and Settings\All Users\Application Data\BONE ABOUT BOOK BOWS\Axis Second.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\13.exe
C:\Documents and Settings\سمر\Start Menu\Programs\Startup\13.exe
Upload started - 5 file(s)
Upload: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\13.exe - 100053 bytes, hash: 86b5eaa903671d1b47a9156ed9b408c1
Upload: C:\Documents and Settings\سمر\Start Menu\Programs\Startup\13.exe - 100053 bytes, hash: 86b5eaa903671d1b47a9156ed9b408c1
Upload: c:\Documents and Settings\سمر\Application Data\WEBSAFESOFT\Soap Hope Mp3.exe - 351744 bytes, hash: 14236f604051c14c4f309ae5735ce67a
Upload: C:\Documents and Settings\سمر\Application Data\WEBSAFESOFT\poptraybore.exe - 544768 bytes, hash: 42a8b4beb445110a4031024e551eb59d
Upload: C:\Documents and Settings\All Users\Application Data\BONE ABOUT BOOK BOWS\Axis Second.exe - 962560 bytes, hash: 55f5d9744043a10ae7e3f46d7f3466df
Upload speed - 10 KB/s
Upload finished - 5 uploaded, 0 failed
