ام امجد
Peace be upon you, and the mercy of God.
This is the report from scanning a computer with BitDefender:
BitDefender QuickScan Beta v0.9.4.9
-----------------------------------
Scan date: Thu Jul 16 15:01:44 2009
Machine ID: BC952A73
Found 1 infected item!
-----------------------
D:\d1vmq.exe - Trojan.PWS.OnlineGames.KBTT
Processes
---------
<unsigned> Deep Freeze 6 utility 464 C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
<unsigned> Deep Freeze 6 service 884 C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
<unsigned> MSN Messenger 1752 C:\Program Files\MSN Messenger\MsnMsgr.Exe
<unsigned> CameraMonitor Application 1736 C:\WINDOWS\vsnpstd3.exe
<verified> SMax4PNP MFC Application 1712 C:\Program Files\Analog Devices\Core\smax4pnp.exe
<verified> RealNetworks Scheduler 1704 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
<verified> Internet Explorer 3800 C:\Program Files\Internet Explorer\iexplore.exe
<verified> Explorateur Windows 1608 C:\WINDOWS\Explorer.EXE
<verified> CTF Loader 1744 C:\WINDOWS\system32\ctfmon.exe
<verified> hkcmd Module 1728 C:\WINDOWS\system32\hkcmd.exe
<verified> LSA Shell (Export Version) 728 C:\WINDOWS\system32\lsass.exe
<verified> Applications Services et Contrôleur 716 C:\WINDOWS\system32\services.exe
<verified> Gestionnaire de session Windows NT 572 C:\WINDOWS\System32\smss.exe
<verified> Spooler SubSystem App 1588 C:\WINDOWS\system32\spoolsv.exe
<verified> Generic Host Process for Win32 Services 588 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 936 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 1092 C:\WINDOWS\System32\svchost.exe
<verified> Application d'ouverture de session Windows NT 664 C:\WINDOWS\system32\winlogon.exe
Network activity
----------------
Process MsnMsgr.Exe (1752) connected to 64.4.34.103 on port 1863 (MSN)
Process MsnMsgr.Exe (1752) connected to 207.46.28.81 on port 80 (HTTP)
Process MsnMsgr.Exe (1752) connected to 213.199.141.141 on port 80 (HTTP)
Process iexplore.exe (3800) connected to 94.76.231.129 on port 80 (HTTP)
Process iexplore.exe (3800) connected to 94.76.231.129 on port 80 (HTTP)
Autoruns and critical files
---------------------------
<unsigned> MSN Messenger C:\Program Files\MSN Messenger\MsnMsgr.Exe
<unsigned> LogonDll.dll C:\WINDOWS\system32\LogonDll.dll
<unsigned> Windows Logon UI C:\WINDOWS\system32\logonui.exe
<unsigned> CameraMonitor Application C:\WINDOWS\vsnpstd3.exe
<verified> SMax4PNP MFC Application C:\Program Files\Analog Devices\Core\smax4pnp.exe
<verified> RealNetworks Scheduler C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
<verified> Yahoo! Messenger C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
<verified> Crypto API32 C:\WINDOWS\system32\CRYPT32.dll
<verified> Crypto Network Related API C:\WINDOWS\system32\CRYPTNET.dll
<verified> Agent réseau hors connexion C:\WINDOWS\System32\CSCDLL.dll
<verified> CTF Loader C:\WINDOWS\system32\ctfmon.exe
<verified> hkcmd Module C:\WINDOWS\system32\hkcmd.exe
<verified> igfxsrvc Module C:\WINDOWS\system32\igfxsrvc.dll
<verified> igfxTray Module C:\WINDOWS\system32\igfxtray.exe
<verified> Fournisseur de service Sockets 2.0 de Microsoft Wi C:\WINDOWS\System32\mswsock.dll
<verified> Microsoft Windows Rsvp 1.0 Service Provider C:\WINDOWS\system32\rsvpsp.dll
<verified> DLL secondaire de notification de service d'ouvert C:\WINDOWS\system32\sclgntfy.dll
<verified> Installateur de classes d'images fixes C:\WINDOWS\system32\sti_ci.dll
<verified> LDAP RnR Provider DLL C:\WINDOWS\System32\winrnr.dll
<verified> DLL commune de réception des notifications Winlogo C:\WINDOWS\system32\wlnotify.dll
Browser plugins
---------------
<unsigned> RealJukebox Netscape Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
<unsigned> 6.0.11.3006 C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
<unsigned> Skype add-on for IE C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
<unsigned> Windows Media Player 2 ActiveX Control c:\windows\system32\msdxm.ocx
<verified> Adobe Acrobat IE Helper Version 6.0 for ActivieX C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
<verified> RealPlayer(tm) LiveConnect-Enabled Plug-In C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
<verified> RealPlayer Download and Record Plugin for Internet C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
<verified> Yahoo Application State Plugin version 1.0.0.7 C:\Program Files\Yahoo!\Shared\npYState.dll
<verified> BitDefender QuickScan Client ActiveX C:\WINDOWS\Downloaded Program Files\ActiveQscan.ocx
<verified> Bibliothèque d'objets et de contrôles de documents C:\WINDOWS\system32\SHDOCVW.dll
Missing files
-------------
File not found: C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
referenced in: HKLM\Software\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\"Exec"
D:\autorun.inf executes D:\d1vmq.exe
Scan
----
The following file(s) must be uploaded for server-side scanning:
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\byblos.dll
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
Upload started - 4 file(s)
Upload: C:\WINDOWS\system32\logonui.exe - 515584 bytes, hash: 261c67f862ee806704d36675a98884c2
Upload: C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe - (highly recommended) 743296 bytes, hash: 6eab453f929402797ff71ff17479806d
Upload: C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe - (highly recommended) 970085 bytes, hash: 38366b635c58a9f356ffc454466318ad
Upload: C:\WINDOWS\byblos.dll - 53248 bytes, hash: f8ba08083492e30d6e553e63a1415958
Upload speed - 2 KB/s
Upload finished - 4 uploaded, 0 failed
The uploaded file(s) were found clean.
