Prośba o sprawdzenie i pytanie

seven · 18 Luty 2006 13:44

Przeskanowałem system programem Ewido, wykrył kilka rzeczy (wkleje poniżej log) i teraz przy każdym uruchomieniu systemu wyskakuje okienko, że brakuje “HKNTDLL.dll” a widze, że ten plik znajduje się w kwarantannie Ewido-chyba powinienem go przywrócić ??

Wkleje także loga z HijackThisa bo już dawno nie był system sprawdzany. Bardzo bym prosił o sprawdzenie i ewentualne rady.

[1760] C:\WINDOWS\HKNTDLL.dll -> Not-A-Virus.Monitor.Win32.Hooker.e : Cleaned with backup [540] C:\WINDOWS\HKNTDLL.dll -> Not-A-Virus.Monitor.Win32.Hooker.e : Error during cleaning C:\Documents and Settings\zico\Cookies\zico@ad.adocean[1].txt -> Spyware.Cookie.Adocean : Cleaned with backup :mozilla.8:C:\Documents and Settings\zico\Dane aplikacji\Mozilla\Firefox\Profiles\7j3lh8qc.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup :mozilla.9:C:\Documents and Settings\zico\Dane aplikacji\Mozilla\Firefox\Profiles\7j3lh8qc.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup :mozilla.13:C:\Documents and Settings\zico\Dane aplikacji\Mozilla\Firefox\Profiles\7j3lh8qc.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup :mozilla.14:C:\Documents and Settings\zico\Dane aplikacji\Mozilla\Firefox\Profiles\7j3lh8qc.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup :mozilla.25:C:\Documents and Settings\zico\Dane aplikacji\Mozilla\Firefox\Profiles\7j3lh8qc.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup :mozilla.26:C:\Documents and Settings\zico\Dane aplikacji\Mozilla\Firefox\Profiles\7j3lh8qc.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup :mozilla.32:C:\Documents and Settings\zico\Dane aplikacji\Mozilla\Firefox\Profiles\7j3lh8qc.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup :mozilla.33:C:\Documents and Settings\zico\Dane aplikacji\Mozilla\Firefox\Profiles\7j3lh8qc.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup C:\Program Files\Tlen.pl\plugins\DozaKultury.tpl -> Adware.Doza : Cleaned with backup C:\WINDOWS\HKNTDLL.dll -> Not-A-Virus.Monitor.Win32.Hooker.e : Cleaned with backup

Logfile of HijackThis v1.99.1 Scan saved at 14:42:15, on 2006-02-18 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\cFosSpeed\spd.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\nvsvc32.exe C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\DU Meter\DUMeter.exe C:\Program Files\cFosSpeed\cFosSpeed.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\AutoConnect\AutoConnect.exe C:\Documents and Settings\zico\Menu Start\Programy\Autostart\Amoumain.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Azureus\Azureus.exe C:\Program Files\Java\jre1.5.0_05\bin\javaw.exe C:\Program Files\ewido\security suite\SecuritySuite.exe C:\Program Files\Tlen.pl\tlen.exe C:\WINDOWS\system32\NOTEPAD.EXE E:\PROGRAMY\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [CHotkey] mHotkey.exe O4 - HKLM…\Run: [gcasServ] “C:\Program Files\Microsoft AntiSpyware\gcasServ.exe” O4 - HKLM…\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe O4 - HKLM…\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice O4 - HKLM…\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe O4 - HKLM…\Run: [KAVPersonal50] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe” /minimize O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start O4 - HKLM…\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title=“CorelDRAW Graphics Suite 12” /date=022806 serial=DR12WEX-1504397-KTY lang=EN O4 - HKLM…\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe O4 - HKCU…\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe O4 - Startup: Amoumain.exe O4 - Startup: Dslmon.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: (no name) - {0BCBCDD8-E5D9-417D-A752-C2DA929A21BF} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL O9 - Extra ‘Tools’ menuitem: Track Page Using Copernic Agent - {0BCBCDD8-E5D9-417D-A752-C2DA929A21BF} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra ‘Tools’ menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra button: Ustawienia przeglądarki - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\WINDOWS\System32\shdocvw.dll (HKCU) O9 - Extra ‘Tools’ menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\WINDOWS\System32\shdocvw.dll (HKCU) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 1774674406 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://127.0.0.1:800/Default/download.m … wflash.cab O17 - HKLM\System\CCS\Services\Tcpip…{0A6669FA-0F3F-43B3-A495-3BACF8AFC204}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip…{0A6669FA-0F3F-43B3-A495-3BACF8AFC204}: NameServer = 194.204.152.34 217.98.63.164 O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Monczkin · 18 Luty 2006 13:51

seven prosze stosować tagi do wklejania logów - wszystko jest opisane w temacie o logach HT w bezpieczeństwie

seven · 18 Luty 2006 14:05

Sorry, następnym razem napewno tak zrobię.

===================================

Nie przepraszaj tylko zmień to co już zamieściłeś :!:

ok, zmieniłem, mogę liczyć teraz na pomoc ??

Złączono Posta : 19.02.2006 (Nie) 15:04

Ten plik “HKNTDLL.dll” to chyba było coś od klawiatury bo jak to przywróciłem to zaczęły mi działać przyciski “multimediów”.

A proszę o sprawdzenie loga z powodu zamulania komputera: podstawowe operacje na dysku trwają zbyt długo, słychać że dysk pracuje i ogólnie coś zwolnił. Dodam, że dawno nie było reinstalacji.