Unlockerem nie da się uwolnić podanych plików, ani nie mam możliwości ich usunięcia. Nie mam także na dysku wymienionych plików xpa.exe itd… oraz nie mam tego klucza do skasowania.
loga z hijack:
Logfile of HijackThis v1.99.1
Scan saved at 14:37:29, on 2008-08-17
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Netia\Net\netianet.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\DOCUME~1\IDEFIX\USTAWI~1\Temp\setup1018.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\DOCUME~1\IDEFIX\USTAWI~1\Temp\1A9.tmp
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TC UP\totalcmd.exe
C:\DOCUME~1\IDEFIX\USTAWI~1\Temp_tc\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM…\Run: [soundMAX] “C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” /tray
O4 - HKLM…\Run: [TC UP] “C:\Program Files\TC UP\TC UP.exe”
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”
O4 - HKLM…\Run: [Lexmark 1200 Series] “C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe”
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe -auto
O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM…\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM…\Run: [unlockerAssistant] “C:\Program Files\Unlocker\UnlockerAssistant.exe”
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [somefox] C:\DOCUME~1\IDEFIX\USTAWI~1\Temp\setup1018.exe
O4 - HKCU…\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip…{EFC81E52-52DE-4961-A4D3-96E3E60AAA1F}: NameServer = 83.238.255.76 213.241.79.37
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
loga Combo:
ComboFix 08-08-16.01 - IDEFIX 2008-08-17 14:43:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.480 [GMT 2:00]
Running from: D:\INSTALKI PROGRAMÓW\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\IDEFIX\Dane aplikacji\Microsoft\SystemCertificates\My
C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\SystemCertificates\My
C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft\SystemCertificates\My
.
((((((((((((((((((((((((( Files Created from 2008-07-17 to 2008-08-17 )))))))))))))))))))))))))))))))
.
2008-08-17 10:18 . 2008-08-17 10:18
2008-08-17 10:18 . 2008-08-17 10:18
2008-08-17 10:18 . 2008-08-17 10:18
2008-08-17 10:17 . 2008-08-17 10:17
2008-08-17 10:01 . 2008-08-17 10:01
2008-08-16 22:03 . 2008-08-17 11:10
2008-08-16 22:03 . 2008-08-17 11:10
2008-08-16 21:31 . 2008-08-16 21:31
2008-08-16 21:31 . 2008-08-16 21:31
2008-08-15 17:33 . 2008-08-15 23:47
2008-08-13 21:12 . 2008-04-11 21:06 691,712 -----c— C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 21:12 . 2008-05-01 16:37 331,776 -----c— C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-12 10:56 . 2008-08-12 10:58
2008-08-01 10:12 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-01 10:12 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-08-01 10:12 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-01 10:10 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-08-01 10:08 . 2008-08-01 10:08
2008-08-01 10:08 . 2008-08-01 10:08
2008-08-01 10:05 . 2008-08-01 10:08
2008-08-01 10:05 . 2008-08-14 03:03
2008-08-01 10:04 . 2008-08-01 10:04
2008-07-24 18:57 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-23 09:33 . 2008-07-23 09:33 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-07-23 09:32 . 2008-07-23 09:32
2008-07-23 09:31 . 2008-07-23 09:31
2008-07-23 09:31 . 2008-07-23 09:31
2008-07-23 09:30 . 2008-07-23 09:30
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 19:50 --------- d-----w C:\Documents and Settings\IDEFIX\Dane aplikacji\Azureus
2008-08-16 19:40 --------- d-----w C:\Program Files\eMule
2008-08-08 15:12 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-08-01 06:56 --------- d-----w C:\Program Files\Avast4
2008-07-26 15:01 --------- d-----w C:\Program Files\Football Generation
2008-07-24 16:57 --------- d-----w C:\Program Files\Java
2008-07-11 15:13 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\BVRP Software
2008-07-11 15:10 25,600 ----a-w C:\Documents and Settings\IDEFIX\usbsermptxp.sys
2008-07-11 15:10 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys
2008-07-11 15:10 22,768 ----a-w C:\Documents and Settings\IDEFIX\usbsermpt.sys
2008-07-11 15:10 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-07-11 14:40 --------- d-----w C:\Program Files\Avanquest update
2008-07-11 14:40 --------- d-----w C:\Documents and Settings\IDEFIX\Dane aplikacji\InstallShield
2008-07-11 14:35 --------- d–h--w C:\Program Files\InstallShield Installation Information
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-02 07:36 --------- d-----w C:\Program Files\Azureus
2008-06-27 15:28 --------- d-----w C:\Documents and Settings\IDEFIX\Dane aplikacji\MSN6
2008-06-27 15:28 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\MSN6
2008-06-27 15:19 --------- d-----w C:\Program Files\Netia
2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:13 668,672 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-22 16:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\NVIDIA
2008-06-22 15:50 --------- d-----w C:\Documents and Settings\IDEFIX\Dane aplikacji\Ahead
2008-06-20 17:48 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 19:44 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-06-09 16:30 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-05-28 10:18 558,142 ----a-w C:\WINDOWS\java\Packages\WL3JN3NF.ZIP
2008-05-28 10:18 155,995 ----a-w C:\WINDOWS\java\Packages\P737VN1N.ZIP
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2008-04-14 22:51 15360]
“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” [2007-01-15 16:14 147456]
“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2008-03-20 12:04 2127296]
“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2008-04-14 22:51 1695232]
“SUPERAntiSpyware”=“C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2008-05-28 10:33 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-08-11 15:43 7630848]
“SoundMAXPnP”=“C:\Program Files\Analog Devices\Core\smax4pnp.exe” [2005-05-20 09:11 925696]
“TC UP”=“C:\Program Files\TC UP\TC UP.exe” [2008-01-27 19:35 35328]
“NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2006-01-12 15:40 155648]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe” [2008-02-22 04:25 144784]
“Lexmark 1200 Series”=“C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe” [2006-07-13 07:33 57344]
“avast!”=“C:\PROGRA~1\Avast4\ashDisp.exe” [2008-07-19 16:38 78008]
“NETIANET”=“C:\Program Files\Netia\Net\netianet.exe” [2007-09-28 11:56 493568]
“GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2007-08-24 07:00 33648]
“UnlockerAssistant”=“C:\Program Files\Unlocker\UnlockerAssistant.exe” [2008-05-02 06:15 15872]
“nwiz”=“nwiz.exe” [2006-08-11 15:43 1519616 C:\WINDOWS\system32\nwiz.exe]
“NvMediaCenter”=“NvMCTray.dll” [2006-08-11 15:43 86016 C:\WINDOWS\system32\nvmctray.dll]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2008-04-14 22:51 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-05-28 12:43:11 962661]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “C:\Program Files\SUPERAntiSpyware\SASSEH.DLL” [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“vidc.ffds”= C:\PROGRA~1\CCCPAC~1\Filters\FFDShow\ff_vfw.dll
“VIDC.ACDV”= ACDV.dll
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“%windir%\system32\sessmgr.exe”=
“C:\Program Files\Winamp Remote\bin\Orb.exe”=
“C:\Program Files\Winamp Remote\bin\OrbTray.exe”=
“C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe”=
“C:\Program Files\Azureus\Azureus.exe”=
“C:\Program Files\eMule\emule.exe”=
“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=
“C:\Program Files\Microsoft Office\Office12\GROOVE.EXE”=
“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15:00]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\IDEFIX\Dane aplikacji\Mozilla\Firefox\Profiles\2uunh2h1.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 14:44:59
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-17 14:45:44
ComboFix-quarantined-files.txt 2008-08-17 12:45:40
Pre-Run: 11,986,583,552 bajtów wolnych
Post-Run: 16,864,444,416 bajtów wolnych
150 — E O F — 2008-08-14 01:03:48