ComboFix 08-01-09.2 - NeD_Rikardo 2008-01-09 12:06:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.166 [GMT 1:00]
Running from: C:\Documents and Settings\NeD_Rikardo\Pulpit\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\NeD_Rikardo\Dane aplikacji\ultra
C:\Documents and Settings\NeD_Rikardo\Dane aplikacji\ultra\ultra.inf
C:\Documents and Settings\NeD_Rikardo\Dane aplikacji\ultra\uninstall.bat
C:\Program Files\Helper
C:\Program Files\Helper\Helper8.dll
C:\Program Files\lsass.exe
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\mzudwlsx
C:\Program Files\mzudwlsx\chgduzip.dll
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\ucleaner_setup.exe
C:\Program Files\Ultimate Cleaner
C:\WINDOWS\Casino.ico
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\inf\ultra.inf
C:\WINDOWS\lsass.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\njprckha
C:\WINDOWS\system32\njprckha\bg1.gif
C:\WINDOWS\system32\njprckha\bgtop.gif
C:\WINDOWS\system32\njprckha\bottom1.gif
C:\WINDOWS\system32\njprckha\essentials.gif
C:\WINDOWS\system32\njprckha\icon1.ico
C:\WINDOWS\system32\njprckha\install1.gif
C:\WINDOWS\system32\njprckha\left1.gif
C:\WINDOWS\system32\njprckha\li.gif
C:\WINDOWS\system32\njprckha\logo.gif
C:\WINDOWS\system32\njprckha\main.htm
C:\WINDOWS\system32\njprckha\mainframe.htm
C:\WINDOWS\system32\njprckha\njprckha1.exe
C:\WINDOWS\system32\njprckha\njprckha2.exe
C:\WINDOWS\system32\njprckha\njprckha3.exe
C:\WINDOWS\system32\njprckha\reinstall1.gif
C:\WINDOWS\system32\njprckha\right1.gif
C:\WINDOWS\system32\njprckha\s1.htm
C:\WINDOWS\system32\njprckha\s2.htm
C:\WINDOWS\system32\njprckha\s3.htm
C:\WINDOWS\system32\njprckha\SMTop1.gif
C:\WINDOWS\system32\njprckha\SMTop2.gif
C:\WINDOWS\system32\njprckha\SMTop3.gif
C:\WINDOWS\system32\njprckha\SMTop4.gif
C:\WINDOWS\system32\njprckha\soft1_off.gif
C:\WINDOWS\system32\njprckha\soft1_off_ext.gif
C:\WINDOWS\system32\njprckha\soft1_on.gif
C:\WINDOWS\system32\njprckha\soft1_on_ext.gif
C:\WINDOWS\system32\njprckha\soft2_off.gif
C:\WINDOWS\system32\njprckha\soft2_off_ext.gif
C:\WINDOWS\system32\njprckha\soft2_on.gif
C:\WINDOWS\system32\njprckha\soft2_on_ext.gif
C:\WINDOWS\system32\njprckha\soft3_off.gif
C:\WINDOWS\system32\njprckha\soft3_off_ext.gif
C:\WINDOWS\system32\njprckha\soft3_on.gif
C:\WINDOWS\system32\njprckha\soft3_on_ext.gif
C:\WINDOWS\system32\njprckha\softbottom_off.gif
C:\WINDOWS\system32\njprckha\softbottom_on.gif
C:\WINDOWS\system32\njprckha\softleft_off.gif
C:\WINDOWS\system32\njprckha\softleft_on.gif
C:\WINDOWS\system32\njprckha\top1.gif
C:\WINDOWS\system32\njprckha\top2.gif
C:\WINDOWS\system32\njprckha\turnoff1.gif
C:\WINDOWS\system32\njprckha\turnon1.gif
.
((((((((((((((((((((((((( Files Created from 2007-12-09 to 2008-01-09 )))))))))))))))))))))))))))))))
.
2008-01-09 12:05 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 13:06 . 2008-01-08 13:06
2008-01-07 13:47 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-01-07 13:47 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-01-07 13:42 . 2008-01-07 13:42
2008-01-07 13:42 . 2008-01-07 13:42
2008-01-07 13:41 . 2008-01-07 13:53
2008-01-05 21:10 . 2008-01-05 21:10
2008-01-05 21:09 . 2008-01-05 21:09
2008-01-05 20:08 . 2008-01-05 20:08
2008-01-05 20:02 . 2008-01-05 20:02
2008-01-05 19:42 . 2006-11-30 15:14 18,704 -ra------ C:\WINDOWS\system32\drivers\se45nd5.sys
2008-01-05 19:40 . 2006-11-30 15:14 90,800 -ra------ C:\WINDOWS\system32\drivers\se45unic.sys
2008-01-05 19:40 . 2006-11-30 15:14 4,128 -ra------ C:\WINDOWS\system32\drivers\se45cr.sys
2008-01-05 19:37 . 2008-01-05 19:37
2008-01-05 19:37 . 2006-11-30 15:14 97,088 -ra------ C:\WINDOWS\system32\drivers\se45mdm.sys
2008-01-05 19:37 . 2006-11-30 15:14 88,624 -ra------ C:\WINDOWS\system32\drivers\se45mgmt.sys
2008-01-05 19:37 . 2006-11-30 15:14 86,432 -ra------ C:\WINDOWS\system32\drivers\se45obex.sys
2008-01-05 19:37 . 2006-11-30 15:13 61,536 -ra------ C:\WINDOWS\system32\drivers\se45bus.sys
2008-01-05 19:37 . 2006-11-30 15:14 9,360 -ra------ C:\WINDOWS\system32\drivers\se45mdfl.sys
2008-01-05 19:37 . 2006-11-30 15:13 6,240 -ra------ C:\WINDOWS\system32\drivers\se45cmnt.sys
2008-01-05 19:37 . 2006-11-30 15:13 6,240 -ra------ C:\WINDOWS\system32\drivers\se45cm.sys
2008-01-05 19:37 . 2006-11-30 15:14 5,872 -ra------ C:\WINDOWS\system32\drivers\se45whnt.sys
2008-01-05 19:37 . 2006-11-30 15:14 5,872 -ra------ C:\WINDOWS\system32\drivers\se45wh.sys
2008-01-05 19:36 . 2008-01-05 19:36
2008-01-05 19:32 . 2008-01-05 19:32
2008-01-05 19:32 . 2008-01-05 19:32
2008-01-05 19:32 . 2008-01-05 19:32
2008-01-05 19:32 . 2008-01-05 19:32
2008-01-05 19:32 . 2008-01-05 19:32
2008-01-05 19:31 . 2008-01-05 19:31
2008-01-05 18:25 . 2008-01-05 18:25
2008-01-05 18:24 . 2008-01-05 18:24
2008-01-05 18:24 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-05 18:23 . 2008-01-05 18:23
2008-01-05 15:09 . 2008-01-05 15:09
2008-01-05 00:33 . 2008-01-05 00:33
2008-01-04 22:00 . 2008-01-04 22:00
2008-01-04 21:04 . 2008-01-05 14:56
2008-01-04 21:00 . 2008-01-04 21:03
2008-01-04 21:00 . 2008-01-06 23:08
2008-01-04 20:58 . 2008-01-04 20:59
2008-01-04 20:48 . 2008-01-04 21:00 118,703 --a------ C:\WINDOWS\hpoins09.dat
2008-01-04 14:50 . 2008-01-04 14:51
2008-01-03 19:00 . 2008-01-03 19:02
2008-01-03 15:27 . 2008-01-03 15:27
2008-01-03 00:35 . 2008-01-04 14:51
2008-01-02 20:23 . 2008-01-02 20:26
2008-01-02 19:56 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-01-02 19:56 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-01-02 19:55 . 2008-01-02 19:55
2008-01-02 19:55 . 2008-01-02 19:59
2008-01-02 19:55 . 2008-01-02 19:55
2008-01-02 19:54 . 2008-01-02 19:54
2008-01-02 19:54 . 2008-01-02 19:54
2008-01-02 19:53 . 2008-01-02 19:56
2008-01-02 19:52 . 2008-01-05 19:34
2008-01-02 19:52 . 2008-01-02 19:52
2008-01-02 19:52 . 2008-01-02 19:54
2008-01-02 19:52 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-01-02 19:51 . 2008-01-02 19:51
2008-01-02 19:47 . 2004-08-04 00:44 153,088 --a------ C:\WINDOWS\system32\irftp.exe
2008-01-02 19:47 . 2004-08-04 00:44 153,088 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-01-02 19:47 . 2004-08-03 22:58 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2008-01-02 19:47 . 2004-08-03 22:58 100,992 --a--c--- C:\WINDOWS\system32\dllcache\bthpan.sys
2008-01-02 19:47 . 2004-08-03 23:10 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2008-01-02 19:47 . 2004-08-03 23:10 59,648 --a--c--- C:\WINDOWS\system32\dllcache\rfcomm.sys
2008-01-02 19:47 . 2004-08-04 00:44 27,648 --a------ C:\WINDOWS\system32\irmon.dll
2008-01-02 19:47 . 2004-08-04 00:44 27,648 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-01-02 19:47 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2008-01-02 19:47 . 2004-08-03 23:10 17,024 --a--c--- C:\WINDOWS\system32\dllcache\bthenum.sys
2008-01-02 19:46 . 2004-08-04 00:35 275,200 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-01-02 19:46 . 2004-08-04 00:35 275,200 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-01-02 19:46 . 2004-08-03 23:10 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2008-01-02 19:46 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\dllcache\bthusb.sys
2008-01-02 19:46 . 2004-08-04 00:44 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-01-02 19:46 . 2004-08-04 00:44 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-01-01 11:28 . 2008-01-01 14:13
2007-12-30 18:59 . 2007-12-30 18:59
2007-12-30 18:59 . 2007-12-30 18:59
2007-12-30 18:59 . 2008-01-09 11:32
2007-12-30 18:59 . 2008-01-04 00:24
2007-12-28 20:10 . 2007-12-20 22:35
2007-12-28 20:10 . 2007-12-28 20:11
2007-12-28 20:10 . 2007-12-20 21:41
2007-12-28 20:10 . 2007-12-20 22:35
2007-12-28 20:10 . 2007-12-28 20:11
2007-12-28 20:10 . 2007-12-20 22:35
2007-12-28 20:10 . 2007-12-28 20:10
2007-12-28 19:36 . 2007-12-28 19:36
2007-12-28 19:29 . 2008-01-09 12:01 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-27 22:59 . 2007-12-27 23:05
2007-12-27 22:16 . 2007-12-27 22:16
2007-12-26 14:30 . 2007-12-31 23:21
2007-12-25 19:40 . 2008-01-05 18:17
2007-12-25 14:17 . 2007-12-25 14:17
2007-12-25 02:15 . 2007-12-25 02:15
2007-12-25 02:15 . 2008-01-05 17:34
2007-12-24 23:57 . 2007-12-24 23:57
2007-12-24 18:00 . 2007-12-24 18:00
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 10:51 --------- d-----w C:\Program Files\Steam
2008-01-08 12:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-26 13:41 --------- d-----w C:\Program Files\ATI Technologies
2007-12-26 13:38 --------- d-----w C:\Documents and Settings\NeD_Rikardo\Dane aplikacji\ATI
2007-12-20 21:34 --------- d-----w C:\Documents and Settings\NeD_Rikardo\Dane aplikacji\Gadu-Gadu
2007-12-20 21:33 --------- d-----w C:\Program Files\Gadu-Gadu
2007-12-20 21:29 --------- d-----w C:\Program Files\C-Media
2007-12-20 21:26 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2007-12-20 21:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-20 20:46 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-20 20:44 --------- d-----w C:\Program Files\Usługi online
2007-12-05 13:17 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-05 03:05 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-05 02:56 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-05 02:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-05 02:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-05 02:54 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-05 02:53 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-05 02:53 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-05 02:48 9,535,488 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-05 02:44 3,175,584 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-05 02:19 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-05 02:19 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-05 02:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-05 02:16 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-05 02:14 180,224 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-12-03 17:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2007-11-21 16:31 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-11-21 16:31 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2006-06-29 14:45 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7EEB6505-0DD4-4B30-8F86-C2BF3603B75D}]
2004-08-03 23:43 84992 --a------ C:\WINDOWS\system32\cliconf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-12-20 22:33 1266936]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1667584]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2006-06-29 15:45 1581056 C:\WINDOWS\mixer.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-18 00:43 227856]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:44 110592 C:\WINDOWS\system32\bthprops.cpl]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkve32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvusspn]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
--a------ 2006-08-01 17:04 3313664 C:\Program Files\BearShare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 19:10 1688872 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 00:55 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2007-10-23 01:47 360448 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoveIT Pro XT]
C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-12 15:20 21686568 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)

R0 podpucbo;podpucbo;C:\WINDOWS\system32\drivers\eyyhyafg.dat []
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 ddsxeiservice;ddsxeiservice2;C:\Program Files\sXe Injected\ddsxei.sys [2007-11-25 00:39]

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 12:10:45
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-09 12:11:37
ComboFix-quarantined-files.txt 2008-01-09 11:11:25