Prosze o sprawdzenie loga + se.dll

Dla specjalistów Bezpieczeństwo
#1

Logfile of HijackThis v1.99.0

Scan saved at 16:56:27, on 05-02-19

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\IRMON.EXE

C:\WINDOWS\SYSTEM\PROMON.EXE

C:\PROGRAM FILES\WINAMP\WINAMPA.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\RunDLL.exe

C:\DOWNLOADS\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE

C:\PROGRAM FILES\TOSHIBA\NETDEVSW\NETDEVSW.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\DOWNLOADS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Fastweb

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - (no file)

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOWNLO~1\SPYBOT~1\SDHELPER.DLL

O2 - BHO: (no name) - {C434A862-81FB-11D9-BD78-00004EA0C34C} - C:\WINDOWS\SYSTEM\APPBKCA.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM…\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM…\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM…\Run: [systemTray] SysTray.Exe

O4 - HKLM…\Run: [irMon] IrMon.exe

O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM…\Run: [TOSHIBSU] TOSHIBSU.EXE

O4 - HKLM…\Run: [Promon.exe] Promon.exe

O4 - HKLM…\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM…\Run: [KAZAA] “C:\PROGRAM FILES\KAZAA LITE\KPP.EXE” “C:\PROGRAM FILES\KAZAA LITE\KAZAALITE.KPP” /SYSTRAY

O4 - HKLM…\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

O4 - HKLM…\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM…\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM…\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon

O4 - HKCU…\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU…\Run: [Gadu-Gadu] “C:\PROGRAM FILES\GADU-GADU\GG.EXE” /tray

O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Downloads\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: Network Device Switch.lnk = C:\Program Files\TOSHIBA\NetDevSw\NetDevSW.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - C:\PROGRAM FILES\FLASHGET\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - C:\PROGRAM FILES\FLASHGET\jc_all.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\JETCAR.EXE

O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\JETCAR.EXE

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Eventi & Concerti - {FF4D2994-6575-4F03-A5C6-6559C8793A11} - c:\manifestazioni.exe (file missing)

O9 - Extra ‘Tools’ menuitem: Eventi & Concerti - {FF4D2994-6575-4F03-A5C6-6559C8793A11} - c:\manifestazioni.exe (file missing)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} (Entire Screen Builder Web Viewer) - http://vblu.uni-bocconi.it/vblu/NWWClientFull.cab

O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.127.92.38

O18 - Filter: text/html - {9C4CBF09-81D6-11D9-BD78-000085E8A9DC} - C:\WINDOWS\SYSTEM\APPBKCA.DLL

O18 - Filter: text/plain - {9C4CBF09-81D6-11D9-BD78-000085E8A9DC} - C:\WINDOWS\SYSTEM\APPBKCA.DLL

nie moge usunac se.dll ani przez KillBox (z Unregister dll before deleting czy bez, a dodatkowo znika mi wszystko z pulpitu jak wyskakuje komunikat ‘this file could not be deleted’) ani przez HijackThis (Delete a file on reboot… - przycisk jest nieaktywny)

Komputer to laptop Toshiby

Pozdrawiam

palmito

#2

Usuń:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html

   	R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html

   	O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - (no file)

O2 - BHO: (no name) - {C434A862-81FB-11D9-BD78-00004EA0C34C} - C:\WINDOWS\SYSTEM\APPBKCA.DLL

   	O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

   	O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

   	O9 - Extra button: Eventi & Concerti - {FF4D2994-6575-4F03-A5C6-6559C8793A11} - c:\manifestazioni.exe (file missing)

   	O9 - Extra 'Tools' menuitem: Eventi & Concerti - {FF4D2994-6575-4F03-A5C6-6559C8793A11} - c:\manifestazioni.exe (file missing)

   	O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} (Entire Screen Builder Web Viewer) - http://vblu.uni-bocconi.it/vblu/NWWClientFull.cab

   	O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe

   	O18 - Filter: text/html - {9C4CBF09-81D6-11D9-BD78-000085E8A9DC} - C:\WINDOWS\SYSTEM\APPBKCA.DLL

   	O18 - Filter: text/plain - {9C4CBF09-81D6-11D9-BD78-000085E8A9DC} - C:\WINDOWS\SYSTEM\APPBKCA.DLL

Brak antywirusa, firewalla. Co do tego DLLa to poczekaj na innych.

#3

log pochodzi ze starej wersji hijack

tu masz najnowszą

http://www.klitetools.com/MM/HijackThis.zip

#4

Nie jest taka stara ta wersja jest wystarczająca.

Jeszcze to usuń:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

Wyczyść katalog TEMP

#5

C:\WINDOWS\RunDLL.exe :!:

co do tego nie jestem pewny ale chyba poczekaj na wybowiedz innych :!:

#6

wszystkie te wpisy usunalem (fix checked) ale po restarcie znowu są :frowning:

Logfile of HijackThis v1.99.0

Scan saved at 19:14:50, on 05-02-19

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\IRMON.EXE

C:\WINDOWS\SYSTEM\PROMON.EXE

C:\PROGRAM FILES\WINAMP\WINAMPA.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\TOSHIBA\NETDEVSW\NETDEVSW.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\DOWNLOADS\HIJACKTHIS.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res/c:\windows\TEMP\se.dll/sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res/c:\windows\TEMP\se.dll/sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Fastweb

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {3F5BC0D4-82A6-11D9-BD78-000007D583F6} - C:\WINDOWS\SYSTEM\APPBKCA.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM…\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM…\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM…\Run: [systemTray] SysTray.Exe

O4 - HKLM…\Run: [irMon] IrMon.exe

O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM…\Run: [TOSHIBSU] TOSHIBSU.EXE

O4 - HKLM…\Run: [Promon.exe] Promon.exe

O4 - HKLM…\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM…\Run: [KAZAA] “C:\PROGRAM FILES\KAZAA LITE\KPP.EXE” “C:\PROGRAM FILES\KAZAA LITE\KAZAALITE.KPP” /SYSTRAY

O4 - HKLM…\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

O4 - HKLM…\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM…\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM…\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon

O4 - HKCU…\Run: [Gadu-Gadu] “C:\PROGRAM FILES\GADU-GADU\GG.EXE” /tray

O4 - Startup: Network Device Switch.lnk = C:\Program Files\TOSHIBA\NetDevSw\NetDevSW.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - C:\PROGRAM FILES\FLASHGET\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - C:\PROGRAM FILES\FLASHGET\jc_all.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\JETCAR.EXE

O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\JETCAR.EXE

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.127.92.38

O18 - Filter: text/html - {3F5BC0D3-82A6-11D9-BD78-0000883C1B82} - C:\WINDOWS\SYSTEM\APPBKCA.DLL

O18 - Filter: text/plain - {3F5BC0D3-82A6-11D9-BD78-0000883C1B82} - C:\WINDOWS\SYSTEM\APPBKCA.DLL

dziwne: nie mam wlaczonego IE a w procesach lata

#7

Napewno skasowałeś te wpisy.

Zrób to jeszcze raz w trybie awaryjnym z odłączonym netem i wyczyść katalog TEMP.

#8

Dzieki wszystkim za pomoc.

Zrobilem co trzeba w trybie awaryjnym, usunalem z temp (wreszcie sie dalo) i przez pare godzin wszystko bylo w porzadku ale potem znowu zainstalowal sie se.dll. Nie mam pojecia co go instaluje, zostal mi tylko format c: chyba.

#9

TO GO INSTALUJE!

  1. Odinstaluj kazzę.

W trybie awaryjnym usuń:

Tutaj jest opisany dokładnie jak to usunąć:

http://www.searchengines.pl/phpbb203/in … st&p=87939