Log se.dll

bozar · 6 Marzec 2005 15:21

wezcie mi pomozcie bo sie zaszlacham… nic nie idze;/ probowalem juz i nic…

i wezcie poleccie jakiegos dobrego antyvira.

Logfile of HijackThis v1.99.1

Scan saved at 16:13:23, on 05-03-06

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MDM.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\PROGRAM FILES\WINAMP\WINAMP.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\PULPIT\HIJACKTHIS1.99.1\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FLASHFXP\IEFLASH.DLL

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM…\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM…\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM…\Run: [internat.exe] internat.exe

O4 - HKLM…\Run: [systemTray] SysTray.Exe

O4 - HKLM…\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”

O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe

O4 - HKLM…\Run: [QuickTime Task] “C:\WINDOWS\SYSTEM\QTTASK.EXE” -atboottime

O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM…\Run: [sp] rundll32 C:\TEMP\SE.DLL,DllInstall

O4 - HKLM…\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE

O4 - HKLM…\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM…\RunServices: [schedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe

O4 - HKLM…\RunServices: [ccEvtMgr] “C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”

O4 - HKLM…\RunServices: [ccSetMgr] “C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe”

O4 - HKLM…\RunServices: [scriptBlocking] “C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe” -reg

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?316

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GINWORDS Class) - http://gryonline.wp.pl/files/words_2_0_0_18.cab

O16 - DPF: {F96D229F-129A-43B5-9B51-B7820E1BF2D3} (GameControl2 Control) - http://www.miastoplusa.pl/applets/GameControl104.cab

O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/pl/darts_2_0_0_29.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab

O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_17.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_16.cab

O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://city-ginowan-okinawa.miemasu.net/kxhcm10.ocx

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) - http://67.15.101.3/g_bin/pl/billardt_2_0_0_21.cab

O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_21.cab

O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab

O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.it-net.pl/~magiccam/music/AXWebMonProj1.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Shared … vSniff.cab

O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB

O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbies&Diamonds) - http://67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = po.pl

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.14.18.2

zostawilem kompa na dzien z kuzynem i pojechalem do dziewczyny i co?? wracam i to gowno siedz…

ciekawe co szczeniak ogladał: cwaniak histroie skasowal;]

mam do was pytanie jest jakis program do sledzenia histori?

z gory dziek.

boczi · 6 Marzec 2005 15:27

Na przyszłosć, jeśli nie chcesz mieć takich problemów, schowaj IE w ciemny kąt i zmień ją na firefoxa! http://www.firefox.pl

Najpierw skan CWShredderem: http://www.intermute.com/spysubtract/cw … nload.html

Usuwasz to w trybie awaryjnym [F8]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

   	R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

   	R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

   	R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

   	R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

   	R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

   	O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

   	O4 - HKLM\..\Run: [sp] rundll32 C:\TEMP\SE.DLL,DllInstall

O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE

   	O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe

   	O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

   	O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?316

   	O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_16.cab

Potem na nowo dajesz loga i zobaczymy

kuz5 · 6 Marzec 2005 20:33

Wyczyść katalog TEMP

Start=>Uruchom=>%temp%=>I usuń wszystko co sie tam znajduje

Eddpl · 11 Marzec 2005 14:09

siemanko mam też problem z se.dll próbowałem waszych metod i nic po restarcie kompa wszyskie pliki i klucze rejestracji które usunąłem, dalej są

żeby było śmiesznie mam ad-aware z pluginem ad-watch i po urochumieniu windowsa mam 3000 registry modification detected ad-aware jak i hijackthis po skanowaniu i usunięciu nie usuwają plików nawet w trybie awaryjnym PROSZE POMÓŻCIE!

boczi · 11 Marzec 2005 14:17

Wpisy, które podam usuwasz w trybie awaryjnym [F8] bez obsługi sieci

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ms-find.com/index.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ms-find.com/index.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ms-find.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ms-find.com/index.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank 

R3 - Default URLSearchHook is missing 

O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

O4 - Startup: NETMAP.pif = C:\NETMAP.BAT

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted IP range: 64.127.104.144  

O16 - DPF: {042EEA26-2402-4E5A-B5BB-0FB445A5526E} (VacPro.win98_P) - http://www9.advnt01.com/dialer/win98_P.CAB

O18 - Filter: text/html - {DDAA83E2-9232-11D9-84F4-00405D45B776} - C:\WINDOWS\SYSTEM\BNBO.DLL

O18 - Filter: text/plain - {DDAA83E2-9232-11D9-84F4-00405D45B776} - C:\WINDOWS\SYSTEM\BNBO.DLL

O21 - SSODL: System - {77D48F40-F82F-11D8-84F4-004063C3F8B7} - C:\WINDOWS\system32\system32.dll (file missing)

Wpis:

O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone

usuwasz narzędziem LSP-FIX. Po czynnościach skan programami anty i na nowo log.

http://forum.dobreprogramy.pl/viewtopic.php?t=17671