
Recently I had a strange situation. Two of my Steam accounts were stolen. I don't know how it happened. I didn't open any e-mails, didn't accept files from strangers, etc.; I only downloaded through eMule and Soulseek. After restarting the computer, a strange program called Perfect Keylogger appeared. I have no idea what this program is or how it got onto my computer. I scanned the computer with Ad-Aware and it found a few worms. I also scanned with Kaspersky and it found nothing. So I'm posting my logs; if you can, please check them.
Log from HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 14:33:09, on 2007-12-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Razer\Habu\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
F:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
F:\Program Files\E-Color\Common\IconMgr.exe
F:\Program Files\Razer\Habu\razerofa.exe
f:\Program Files\E-Color\Colorific\hgcctl95.exe
f:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
F:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\User\Pulpit\Ikony\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - f:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - f:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [AVP] "f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Flashget] F:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Habu] f:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [bpk] C:\WINDOWS\system32\bpk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AutoConnect] f:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [Komunikator] F:\Program Files\Tlen.pl\tlen.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: E-Color.lnk = F:\Program Files\E-Color\Common\IconMgr.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://F:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://F:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://F:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - F:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - f:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - f:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193560628390
O17 - HKLM\System\CCS\Services\Tcpip\..\{09ED3568-2BCF-4335-B7DD-2DFE6BD67EC3}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{09ED3568-2BCF-4335-B7DD-2DFE6BD67EC3}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
and from ComboFix. (I don't know what to do with the logs or how; if someone can, please give detailed instructions for a person who has a hard time catching on.)
ComboFix 07-11-19.4C - User 2007-12-10 14:15:14.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1364 [GMT 1:00]
Running from: C:\Documents and Settings\User\Pulpit\Ikony\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\bpkwb.dll
.
((((((((((((((((((((((((( Files Created from 2007-11-10 to 2007-12-10 )))))))))))))))))))))))))))))))
.
2007-12-09 13:58 60,416 --a------ C:\WINDOWS\ST4UNST.EXE
2007-11-30 14:09 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2007-11-30 14:09 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2007-11-30 14:09 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2007-11-30 14:09 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2007-11-30 14:09 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2007-11-30 14:09 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2007-11-30 14:09 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2007-11-24 13:17 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-11-23 15:27 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-11-23 15:27 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-11-23 15:27 471,552 --a------ C:\WINDOWS\system32\Smab.dll
2007-11-23 15:27 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2007-11-23 15:27 217,073 --a------ C:\WINDOWS\meta4.exe
2007-11-23 15:27 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-11-23 15:27 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-11-23 15:26 186,880 -r-hs---- C:\WINDOWS\system32\RLOgg.ax
2007-11-23 15:26 161,792 -r-hs---- C:\WINDOWS\system32\RealMediaDX.ax
2007-11-23 15:26 92,672 -r-hs---- C:\WINDOWS\system32\RLVorbisDec.ax
2007-11-23 15:26 67,584 -r-hs---- C:\WINDOWS\system32\RLTheoraDec.ax
2007-11-23 15:26 54,784 -r-hs---- C:\WINDOWS\system32\RLAPEDec.ax
2007-11-23 15:26 51,712 -r-hs---- C:\WINDOWS\system32\RLSpeexDec.ax
2007-11-23 15:26 37,888 -r-hs---- C:\WINDOWS\system32\RLMPCDec.ax
2007-11-19 19:31 <DIR> d-------- C:\WINDOWS\NV14441524.TMP
2007-11-19 19:30 111,171 --a------ C:\WINDOWS\system32\nvapps.xml
2007-11-19 19:20 17,254 --a------ C:\WINDOWS\system32\nvwsapps.nvb
2007-11-18 20:50 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-11-18 20:50 <DIR> d-------- C:\Documents and Settings\User\Dane aplikacji\MegauploadToolbar
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-10 13:24 86,306,336 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-10 13:24 2,116,128 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-10 13:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2007-12-10 13:22 202,472 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-10 13:22 1,162,964 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-09 17:04 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Skype
2007-12-09 12:35 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Tlen.pl
2007-12-07 17:49 82,061 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-12-07 17:49 81,549 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-11-20 17:37 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-11-04 11:54 --------- d--h--r C:\Documents and Settings\User\Dane aplikacji\SecuROM
2007-11-04 11:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-04 11:42 --------- d-----w C:\Program Files\AGEIA Technologies
2007-11-02 22:25 --------- d-----w C:\Program Files\MSXML 6.0
2007-11-02 22:21 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-01 19:25 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Media Player Classic
2007-11-01 11:45 --------- d-----w C:\Program Files\Winamp Toolbar
2007-11-01 11:45 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2007-10-30 20:41 --------- d-----w C:\Program Files\neostrada tp
2007-10-23 19:02 --------- d-----w C:\Program Files\Common Files\ESRI
2007-10-23 18:59 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\ESRI
2007-10-23 18:50 --------- d-----w C:\Program Files\Rainbow Technologies
2007-10-23 18:27 --------- d-----w C:\Program Files\Leica Geosystems
2007-10-11 20:24 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-07-28 11:37 23 --sha-w C:\WINDOWS\system32\dddbad7_r.dll
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((( snapshot@2007-11-29_23.11.47.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-08-07 21:37:24 5,120 ----a-r C:\WINDOWS\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2007-12-05 16:53:50 5,120 ----a-r C:\WINDOWS\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2006-12-09 10:59:29 438,272 ----a-w C:\WINDOWS\system32\bpk.exe
+ 2006-12-09 10:59:30 24,576 ----a-w C:\WINDOWS\system32\bpkhk.dll
+ 2006-12-09 10:59:30 7,680 ----a-w C:\WINDOWS\system32\bpkr.exe
- 2007-11-28 13:45:16 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-10 06:23:10 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-11-28 13:45:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2007-12-10 06:23:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2007-11-28 13:45:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-10 06:23:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-03 21:08:18 24,960 -c--a-w C:\WINDOWS\system32\dllcache\hidparse.sys
+ 2004-08-03 22:08:18 24,960 -c--a-w C:\WINDOWS\system32\dllcache\hidparse.sys
- 2001-08-17 20:02:20 9,600 -c--a-w C:\WINDOWS\system32\dllcache\hidusb.sys
+ 2001-08-17 21:02:20 9,600 -c--a-w C:\WINDOWS\system32\dllcache\hidusb.sys
- 2006-08-14 08:21:22 23,552 ----a-w C:\WINDOWS\system32\drivers\habu.sys
+ 2006-08-14 09:21:22 23,552 ----a-w C:\WINDOWS\system32\drivers\habu.sys
- 2004-08-03 21:08:18 24,960 ----a-w C:\WINDOWS\system32\drivers\hidparse.sys
+ 2004-08-03 22:08:18 24,960 ----a-w C:\WINDOWS\system32\drivers\hidparse.sys
- 2001-08-17 20:02:20 9,600 ----a-w C:\WINDOWS\system32\drivers\hidusb.sys
+ 2001-08-17 21:02:20 9,600 ----a-w C:\WINDOWS\system32\drivers\hidusb.sys
- 2005-12-21 09:23:26 14,592 ----a-w C:\WINDOWS\system32\drivers\USBICP.sys
+ 2005-12-21 10:23:26 14,592 ----a-w C:\WINDOWS\system32\drivers\USBICP.sys
+ 2006-12-10 09:14:36 4,204 ----a-w C:\WINDOWS\system32\pk.bin
+ 2006-08-14 09:21:22 23,552 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\habu.sys
+ 2006-10-31 10:26:12 36,864 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\i386\hidclass.sys
+ 2004-08-03 21:08:18 24,960 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\i386\hidparse.sys
+ 2001-08-17 20:02:20 9,600 ----a-w C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\i386\hidusb.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04]
"AutoConnect"="f:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 19:27]
"Komunikator"="F:\Program Files\Tlen.pl\tlen.exe" [2007-02-12 11:01]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-31 05:44]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-11-17 02:05]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 10:21 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 10:01 C:\WINDOWS\system32\stmctrl.dll]
"AVP"="f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 22:02]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2004-12-14 18:28]
"CmUsbSound"="RunDll32 cmcnfgu.cpl" []
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 05:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03]
"Flashget"="F:\Program Files\FlashGet\flashget.exe" [2007-09-25 09:10]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-03-22 03:50 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"Habu"="f:\Program Files\Razer\Habu\razerhid.exe" [2006-08-23 11:20]
"bpk"="C:\WINDOWS\system32\bpk.exe" [2006-12-09 11:59]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:00]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:00]
E-Color.lnk - F:\Program Files\E-Color\Common\IconMgr.exe [2007-08-11 18:15:22]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsMenu"= 1 (0x1)
"NoSharedDocuments"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)
C:\WINDOWS\system32\klogon.dll 2007-01-29 22:04 200768 C:\WINDOWS\system32\klogon.dll
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys
S3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\system32\drivers\cmudau.sys
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys
S3 HabuFltr;Habu Mouse;C:\WINDOWS\system32\drivers\habu.sys
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fec8bf8-98fb-11dc-9b08-001a4d74c6de}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 14:23:50
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-10 14:24:50 - machine was rebooted
.
--- E O F ---