As far as I know, it is a Kaspersky behavioral detection from Proactive Defense (which simply means KIS does not know what application is causing the detection). But Fungus, don't worry, we'll resolve this with some other tool. Please open a NEW topic in SCF "PC Help Center": http://scforum.info/index.php?action=forum and provide us the following info ASAP:
1. All possible details related to your problems / infection.
2. Run BitDefender Online AntiVirus Scan: http://scforum.info/index.php/topic,734.0.html
3. Download & run HijackThis: http://scforum.info/index.php/topic,785.0.html
4. Provide us the logs from HijackThis & BitDefender Online Scan.
I'll wait for your reply (with logs).
Regards,
S.
BitDefender QuickScan Beta 32-bit v0.9.9.9
------------------------------------------
Scan date: Thu Mar 18 03:23:21 2010
Machine ID: DC1E65AA
No infection found.
---------------------

Processes
---------
<unsigned> AntiPoisoner.exe 592 C:\cap\AntiPoisoner.exe
<verified> DAEMON Tools Lite 600 C:\Program Files\DAEMON Tools Lite\DTLite.exe
<verified> Firefox 6084 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> GrooveMonitor Utility 416 F:\Program\Microsoft Office\Office12\GrooveMonitor.exe
<verified> Kaspersky Anti-Virus 1232 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
<verified> Kaspersky Anti-Virus 4020 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
<verified> Microsoft® Windows® Operating System 1576 C:\Windows\Explorer.EXE
<verified> Microsoft® Windows® Operating System 1540 C:\Windows\system32\Dwm.exe
<verified> Microsoft® Windows® Operating System 1636 C:\Windows\system32\taskhost.exe
<verified> Microsoft® Windows® Operating System 6104 C:\Windows\system32\wuauclt.exe
<verified> Realtek HD Audio Manager 340 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
<verified> Vypress Chat 2396 F:\Program\Vypress\VyChat.exe
<verified> Windows Live Messenger 1720 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
<verified> µTorrent 1444 C:\Program Files\uTorrent\uTorrent.exe

Network activity
----------------
Process uTorrent.exe (1444) connected on port 2491 - 85.216.219.178
Process uTorrent.exe (1444) connected on port 2984 - 41.196.139.234
Process uTorrent.exe (1444) connected on port 10741 - 94.98.100.174
Process uTorrent.exe (1444) connected on port 16226 - 41.238.36.163
Process uTorrent.exe (1444) connected on port 38978 - 70.25.36.141
Process uTorrent.exe (1444) connected on port 53249 - 119.153.178.148
Process uTorrent.exe (1444) connected on port 55214 - 196.210.33.193
Process uTorrent.exe (1444) connected on port 64712 - 60.48.61.45
Process uTorrent.exe (1444) connected on port 65241 - 116.71.170.163
Process uTorrent.exe (1444) connected on port 3921 - 41.230.1.253
Process uTorrent.exe (1444) connected on port 49823 - 41.251.117.115
Process uTorrent.exe (1444) connected on port 33328 - 84.52.141.66
Process uTorrent.exe (1444) connected on port 29344 - 188.51.92.14
Process uTorrent.exe (1444) connected on port 58333 - 92.96.38.168
Process uTorrent.exe (1444) connected on port 40687 - 81.192.211.175
Process uTorrent.exe (1444) connected on port 62862 - 123.2.151.132
Process uTorrent.exe (1444) connected on port 59835 - 94.141.194.230
Process uTorrent.exe (1444) connected on port 10748 - 117.102.43.126
Process uTorrent.exe (1444) connected on port 33482 - 213.91.243.23
Process uTorrent.exe (1444) connected on port 2450 - 119.155.5.104
Process uTorrent.exe (1444) connected on port 29405 - 94.99.80.214
Process uTorrent.exe (1444) connected on port 34363 - 178.41.4.3
Process uTorrent.exe (1444) connected on port 3413 - 91.144.12.11
Process uTorrent.exe (1444) connected on port 56612 - 81.111.165.76
Process uTorrent.exe (1444) connected on port 52380 - 95.155.64.217
Process uTorrent.exe (1444) connected on port 46410 - 78.98.236.86
Process uTorrent.exe (1444) connected on port 32037 - 78.144.207.151
Process uTorrent.exe (1444) connected on port 46806 - 80.227.206.95
Process uTorrent.exe (1444) connected on port 22956 - 115.133.216.155
Process uTorrent.exe (1444) connected on port 61771 - 118.42.98.155
Process uTorrent.exe (1444) listens on ports: 45157
Process VyChat.exe (2396) listens on ports: 8167

Autoruns and critical files
---------------------------
<verified> Adobe Acrobat F:\Program\Adobe Reader\Reader\Reader_sl.exe
<verified> Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
<verified> DAEMON Tools Lite C:\Program Files\DAEMON Tools Lite\DTLite.exe
<verified> GrooveMonitor Utility F:\Program\Microsoft Office\Office12\GrooveMonitor.exe
<verified> GrooveShellExtensions Module F:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
<verified> Kaspersky Anti-Virus C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
<verified> Kaspersky Anti-Virus c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll
<verified> Kaspersky Anti-Virus C:\Windows\system32\klogon.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Realtek HD Audio Manager C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
<verified> Windows Live Messenger C:\Program Files\Windows Live\Messenger\msnmsgr.exe
<verified> µTorrent C:\Program Files\uTorrent\uTorrent.exe

Browser plugins
---------------
<verified> 2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
<verified> AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verified> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verified> BitDefender QuickScan C:\Users\fungus\AppData\Roaming\Mozilla\Firefox\Profiles/5x7imrtd.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Users\fungus\AppData\Roaming\Mozilla\Firefox\Profiles/5x7imrtd.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
<verified> DivX Player Netscape Plugin C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
<verified> DivX Player Netscape Plugin C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
<verified> DivX Web Player C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
<verified> GrooveShellExtensions Module F:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
<verified> Kaspersky Anti-Virus c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
<verified> Kaspersky Anti-Virus c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
<verified> Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> NPSWF32.dll C:\Windows\System32\Macromed\Flash\NPSWF32.dll
<verified> Silverlight Plug-In C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
<verified> Windows® Internet Explorer C:\Windows\System32\ieframe.dll

Missing files
-------------
File not found: c:\windows\system32\dreamscene.dll referenced in: HKCR\CLSID\{E31004D1-A431-41B8-826F-E902F9D95C81}\InprocServer32\(default)

Scan
----
<unsigned> MD5: 72a911916a542299b0352f18b98c0348 C:\cap\AntiPoisoner.exe
<unsigned> MD5: fcc244da361936e8186a2cf24df7d7e7 C:\Program Files\DAEMON Tools Lite\mfc80u.dll
<unsigned> MD5: 462e2f4886a0b389d4fda12a15f8219a C:\Program Files\Mozilla Firefox\freebl3.dll
<unsigned> MD5: 52d4d6ec27a57313ab9f90e242c3cfa4 C:\Program Files\Mozilla Firefox\nssdbm3.dll
<unsigned> MD5: a87b04299a14747bbcbe8cb4147612c2 C:\Program Files\Mozilla Firefox\softokn3.dll
No file uploaded.

Scan finished - communication took 5 sec
Total traffic - 0.00 MB sent, 0.12 KB recvd
Scanned 761 files and modules - 17 seconds
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:03:06 AM, on 17/03/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
F:\Program\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\cap\AntiPoisoner.exe
F:\Program\Vypress\VyChat.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: AntiPoisoner.lnk = C:\cap\AntiPoisoner.exe
O4 - Global Startup: Vypress Chat StartUp.lnk = ?
O8 - Extra context menu item: &Download with &DAP - F:\Program\DAP Premium\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - F:\Program\DAP Premium\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Program\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - F:\xampp\apache\bin\apache.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: mysql - Unknown owner - F:\xampp\mysql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 6030 bytes
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll (file missing)
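The two lines quoted above are exactly what a responder pulls out of a HijackThis log by eye: an O2 BHO registration whose DLL is "(no file)" and an O22 SharedTaskScheduler entry whose DLL is "(file missing)", both orphaned registrations left behind by something that was removed. The Python below is an added triage helper written for this page, not a tool from the forum, from Trend Micro or from BitDefender. It parses HijackThis-style lines and flags the entry classes that get read first: orphaned entries, the O20 AppInit_DLLs injection point, O23 services with "Unknown owner", and O4 startup items whose target cannot be resolved or lives outside the expected program directories. The sample input is a constructed subset of nine lines copied from the log posted earlier in this thread; TRUSTED_ROOTS and the flag rules are assumptions to tune per machine, and a flag is a prompt to verify the binary (publisher signature, hash lookup), not a verdict on it.

```python
import re

# Constructed sample: nine lines copied verbatim from the HijackThis log posted
# above (a subset, not the full log).
SAMPLE_LOG = r"""
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - Global Startup: AntiPoisoner.lnk = C:\cap\AntiPoisoner.exe
O4 - Global Startup: Vypress Chat StartUp.lnk = ?
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - F:\xampp\apache\bin\apache.exe
O23 - Service: mysql - Unknown owner - F:\xampp\mysql\bin\mysqld.exe
"""

# Every HijackThis finding line starts with a section code (R0, R1, F0.., O1..O24).
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")

# First drive-letter or %VAR% path ending in an executable extension, quoted or not.
PATH_RE = re.compile(
    r'"?((?:[A-Za-z]:|%[^%]+%)\\[^"]*?\.(?:exe|dll|scr|cmd|bat))"?', re.IGNORECASE
)

# Assumption: directories whose autostart entries are treated as expected on this
# machine. Anything else is flagged for review, which is a prompt to verify the
# binary (publisher signature, hash lookup), not a verdict.
TRUSTED_ROOTS = (r"c:\program files", r"c:\windows", r"%programfiles%")


def parse_hjt(text):
    """Return a list of (section, body) tuples, one per finding line in the log."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def extract_path(body):
    """Pull the executable path out of an entry body, or None if it cannot be resolved."""
    m = PATH_RE.search(body)
    return m.group(1) if m else None


def triage(entries):
    """Flag the entry classes a responder reads first. Returns (section, reason, body)."""
    findings = []
    for section, body in entries:
        low = body.lower()
        if "(no file)" in low or "(file missing)" in low:
            # Orphaned registration: the referenced file is gone. Harmless on its
            # own, but the classic leftover of a removed or uninstalled component.
            findings.append((section, "orphaned entry, referenced file missing", body))
        elif section == "O20":
            # AppInit_DLLs is loaded into every process that links user32.dll.
            findings.append((section, "AppInit_DLLs injection point, confirm DLL owner", body))
        elif section == "O23" and "unknown owner" in low:
            findings.append((section, "service binary without publisher information", body))
        elif section == "O4":
            path = extract_path(body)
            if path is None:
                findings.append((section, "startup item with unresolvable target", body))
            elif not path.lower().startswith(TRUSTED_ROOTS):
                findings.append((section, "startup item outside expected directories", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{section:<4} {reason}: {body}")
```

Run against the sample it reports the same O2 and O22 lines the helper quoted, plus the O20 entry (Kaspersky's virtual keyboard DLL here, still worth confirming), the mysql service with no owner, the Vypress shortcut with no resolvable target, and the AntiPoisoner.lnk entry pointing at C:\cap. Being flagged means the file should be checked, which is what the unsigned-binary line in the BitDefender log also asks for.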
I have a problem: if I remove AntiPoisoner.exe my Internet will not work, and it was provided by my internet service provider. What should I do?