ComboFix 07-02-06.3 - Running from: "F:\Robert1\potrzebne"

((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\crypts.dll


(((((((((((((((((((((((((((((((   Files Created from 2007-03-30 to 2007-04-30  ))))))))))))))))))))))))))))))))))
 
 
2007-04-28 14:36	132,660	--a------	C:\WINDOWS\system32\fhsiowtt.dll
2007-04-27 19:44	<DIR>	d--------	C:\DOCUME~1\Rodzina\Dane aplikacji\CyberLink
2007-04-27 19:42	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\Dane aplikacji\CyberLink
2007-04-27 19:39	<DIR>	d--------	C:\Program Files\CyberLink
2007-04-27 14:37	49,204	--a------	C:\WINDOWS\system32\pbrdrvri.dll
2007-04-27 14:37	132,660	--a------	C:\WINDOWS\system32\efpcajce.dll
2007-04-26 14:35	132,660	--a------	C:\WINDOWS\system32\jherkqyk.dll
2007-04-25 20:18	<DIR>	d--------	C:\Program Files\illiminable
2007-04-25 14:35	123,972	--a------	C:\WINDOWS\system32\nhfaqfun.dll
2007-04-25 10:18	46,736	-r-hs----	C:\WINDOWS\system\msnntlp.exe
2007-04-25 10:18	46,736	--a------	C:\WINDOWS\system32\ge1.exe
2007-04-24 13:34	123,972	--a------	C:\WINDOWS\system32\lpwratao.dll
2007-04-23 13:34	123,972	--a------	C:\WINDOWS\system32\ocesanov.dll
2007-04-22 12:33	123,972	--a------	C:\WINDOWS\system32\ofmgkbxb.dll
2007-04-21 20:27	<DIR>	d--------	C:\WINDOWS\ShellNew
2007-04-21 20:26	<DIR>	d--------	C:\DOCUME~1\Rodzina\Dane aplikacji\Microsoft Web Folders
2007-04-21 16:08	<DIR>	d--------	C:\Program Files\Yahoo!
2007-04-21 16:07	<DIR>	d--------	C:\Program Files\CCleaner
2007-04-21 16:01	<DIR>	d--------	C:\Program Files\RegCleaner
2007-04-21 12:34	123,972	--a------	C:\WINDOWS\system32\xyscakdk.dll
2007-04-20 17:00	26,694	--a------	C:\WINDOWS\system32\nnnkihg.dll
2007-04-20 15:56	26,694	--a------	C:\WINDOWS\system32\urqroml.dll
2007-04-20 14:29	26,694	--a------	C:\WINDOWS\system32\fcccccd.dll
2007-04-20 12:32	489,242	---hs----	C:\WINDOWS\system32\ststv.bak2
2007-04-20 12:32	123,972	--a------	C:\WINDOWS\system32\utoedaoc.dll
2007-04-20 12:31	26,694	--a------	C:\WINDOWS\system32\jkkkljg.dll
2007-04-19 22:32	26,694	--a------	C:\WINDOWS\system32\rqrpopp.dll
2007-04-19 22:23	98,304	--a------	C:\WINDOWS\system32\msir3jp.dll
2007-04-19 22:23	9,216	--a------	C:\WINDOWS\system32\kbdnecAT.dll
2007-04-19 22:23	838,144	--a------	C:\WINDOWS\system32\chtbrkr.dll
2007-04-19 22:23	827,438	--a------	C:\WINDOWS\system32\imjp81k.dll
2007-04-19 22:23	73,216	--a------	C:\WINDOWS\system32\uniime.dll
2007-04-19 22:23	70,656	--a------	C:\WINDOWS\system32\korwbrkr.dll
2007-04-19 22:23	7,680	--a------	C:\WINDOWS\system32\kbdnecNT.dll
2007-04-19 22:23	7,168	--a------	C:\WINDOWS\system32\kbdnec95.dll
2007-04-19 22:23	7,168	--a------	C:\WINDOWS\system32\kbdibm02.dll
2007-04-19 22:23	7,168	--a------	C:\WINDOWS\system32\f3ahvoas.dll
2007-04-19 22:23	6,656	--a------	C:\WINDOWS\system32\kbdlk41a.dll
2007-04-19 22:23	6,144	--a------	C:\WINDOWS\system32\kbdlk41j.dll
2007-04-19 22:23	6,144	--a------	C:\WINDOWS\system32\kbdax2.dll
2007-04-19 22:23	6,144	--a------	C:\WINDOWS\system32\kbd106n.dll
2007-04-19 22:23	6,144	--a------	C:\WINDOWS\system32\kbd101a.dll
2007-04-19 22:23	6,144	--a------	C:\WINDOWS\system32\kbd101.dll
2007-04-19 22:23	218,112	--a------	C:\WINDOWS\system32\c_g18030.dll
2007-04-19 22:23	1,677,824	--a------	C:\WINDOWS\system32\chsbrkr.dll
2007-04-19 22:22	6,656	--a------	C:\WINDOWS\system32\c_is2022.dll
2007-04-19 17:39	26,694	--a------	C:\WINDOWS\system32\qomnmkh.dll
2007-04-19 14:28	26,694	--a------	C:\WINDOWS\system32\ddcbxyv.dll
2007-04-19 10:50	26,694	--a------	C:\WINDOWS\system32\nnnnllj.dll
2007-04-19 10:02	204,800	--a------	C:\WINDOWS\system32\clcl4.exe
2007-04-19 09:54	49,204	--a------	C:\WINDOWS\system32\jgtiqivu.dll
2007-04-19 09:54	462,859	---hs----	C:\WINDOWS\system32\ststv.bak1
2007-04-19 09:54	123,972	--a------	C:\WINDOWS\system32\nijkgpbg.dll
2007-04-19 09:53	281,172	---hs----	C:\WINDOWS\system32\vtsts.dll
2007-04-19 09:48	26,694	--a------	C:\WINDOWS\system32\fcccccb.dll
2007-04-18 21:48	11,063	--a------	C:\WINDOWS\system32\awvtq.dll
2007-04-18 19:19	26,694	--a------	C:\WINDOWS\system32\ljjijgh.dll
2007-04-18 19:03	8,704	--a------	C:\WINDOWS\system32\kbdjpn.dll
2007-04-18 19:03	8,192	--a------	C:\WINDOWS\system32\kbdkor.dll
2007-04-18 19:03	6,144	--a------	C:\WINDOWS\system32\kbd106.dll
2007-04-18 19:03	6,144	--a------	C:\WINDOWS\system32\kbd101c.dll
2007-04-18 19:03	6,144	--a------	C:\WINDOWS\system32\kbd101b.dll
2007-04-18 19:03	5,632	--a------	C:\WINDOWS\system32\kbd103.dll
2007-04-18 18:00	3,963	--a------	C:\WINDOWS\system32\mljji.dll
2007-04-18 16:54	26,694	--a------	C:\WINDOWS\system32\xxywwtt.dll
2007-04-18 16:49	<DIR>	d--------	C:\avenger
2007-04-18 16:40	73,728	--a------	C:\WINDOWS\system32\svehost.exe
2007-04-18 15:29	26,694	--a------	C:\WINDOWS\system32\gebcbbb.dll
2007-04-18 15:08	23,416	--a------	C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-18 15:07	94,552	--a------	C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-18 15:07	90,112	--a------	C:\WINDOWS\system32\AVASTSS.scr
2007-04-18 15:07	85,952	--a------	C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-18 15:07	733,824	--a------	C:\WINDOWS\system32\aswBoot.exe
2007-04-18 15:07	43,176	--a------	C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-18 15:07	26,888	--a------	C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-18 14:54	26,694	--a------	C:\WINDOWS\system32\khffged.dll
2007-04-18 14:46	<DIR>	d--------	C:\WINDOWS\CSC
2007-04-18 14:42	65,536	--a------	C:\WINDOWS\system32\sexwwjr.dll
2007-04-18 14:42	185,856	--a------	C:\WINDOWS\system32\Bmp2Jpeg.dll
2007-04-18 14:42	101,888	--a------	C:\WINDOWS\system32\VB6STKIT.DLL
2007-04-18 14:42	<DIR>	d--------	C:\Program Files\abcwebwizardfull11
2007-04-18 14:22	26,694	--a------	C:\WINDOWS\system32\khfdcaa.dll
2007-04-18 14:11	26,694	--a------	C:\WINDOWS\system32\ljjklmn.dll
2007-04-17 21:45	26,694	--a------	C:\WINDOWS\system32\rqrpmnm.dll
2007-04-17 21:40	26,694	--a------	C:\WINDOWS\system32\hggfdcy.dll
2007-04-17 20:44	26,694	--a------	C:\WINDOWS\system32\tuvtqrs.dll
2007-04-17 20:37	26,694	--a------	C:\WINDOWS\system32\ssqpoli.dll
2007-04-17 18:38	26,694	--a------	C:\WINDOWS\system32\vturqol.dll
2007-04-17 18:12	26,694	--a------	C:\WINDOWS\system32\fccbxut.dll
2007-04-17 18:04	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\Dane aplikacji\FRISK Software
2007-04-17 17:45	26,694	--a------	C:\WINDOWS\system32\hgggdcy.dll
2007-04-17 17:06	<DIR>	d--------	C:\WINDOWS\system32\Kaspersky Lab
2007-04-17 15:15	26,694	--a------	C:\WINDOWS\system32\qomjghf.dll
2007-04-17 11:40	26,694	--a------	C:\WINDOWS\system32\mljifef.dll
2007-04-16 21:24	26,694	--a------	C:\WINDOWS\system32\gebyxwt.dll
2007-04-16 19:48	26,694	--a------	C:\WINDOWS\system32\wvuvvtq.dll
2007-04-16 19:19	26,694	--a------	C:\WINDOWS\system32\wvuvtro.dll
2007-04-15 21:08	787,456	--a------	C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-04-15 21:08	294,912	-ra------	C:\WINDOWS\system32\atiiiexx.dll
2007-04-15 21:08	151,552	-ra------	C:\WINDOWS\system32\ATIDEMGR.dll
2007-04-15 20:59	<DIR>	d--------	C:\WINDOWS\LastGood
2007-04-15 20:52	<DIR>	d--------	C:\WINDOWS\LastGood.Tmp
2007-04-15 20:51	<DIR>	d--------	C:\ATI
2007-04-15 11:16	68,096	--a------	C:\msvista.exe
2007-04-12 13:03	<DIR>	d--------	C:\Program Files\PuTTY
2007-04-12 07:17	<DIR>	d--------	C:\Program Files\BearShare Applications
2007-04-11 15:00	<DIR>	d--------	C:\DOCUME~1\Rodzina\Dane aplikacji\FileZilla
2007-04-11 14:59	<DIR>	d--------	C:\Program Files\FileZilla Client
2007-04-10 17:55	<DIR>	d--------	C:\!KillBox
2007-04-07 19:08	545	--a------	C:\WINDOWS\UC.PIF
2007-04-07 19:08	545	--a------	C:\WINDOWS\RAR.PIF
2007-04-07 19:08	545	--a------	C:\WINDOWS\PKZIP.PIF
2007-04-07 19:08	545	--a------	C:\WINDOWS\PKUNZIP.PIF
2007-04-07 19:08	545	--a------	C:\WINDOWS\NOCLOSE.PIF
2007-04-07 19:08	545	--a------	C:\WINDOWS\LHA.PIF
2007-04-07 19:08	545	--a------	C:\WINDOWS\ARJ.PIF
2007-04-07 19:08	<DIR>	d--------	C:\totalcmd
2007-04-07 18:52	245,760	---------	C:\WINDOWS\system32\DECO_32.DLL
2007-04-07 18:52	<DIR>	d--------	C:\Program Files\PWN
2007-04-07 10:52	<DIR>	d--------	C:\DOCUME~1\Rodzina\Dane aplikacji\Help
2007-04-06 20:25	<DIR>	d--hs----	C:\WINDOWS\ftpcache
2007-04-05 22:50	<DIR>	d--------	C:\WINDOWS\system32\ActiveScan
2007-04-05 21:56	<DIR>	d--------	C:\DOCUME~1\Rodzina\Dane aplikacji\DivX
2007-04-04 18:27	<DIR>	d--------	C:\Program Files\Stardock
2007-04-04 16:28	116,472	---------	C:\WINDOWS\system32\pxcpyi64.exe
2007-04-04 16:28	<DIR>	d--------	C:\Program Files\Google
2007-04-04 16:27	<DIR>	d--------	C:\Program Files\DivX
2007-04-01 21:33	<DIR>	d--------	C:\Program Files\Microsoft.NET
2007-03-31 18:50	<DIR>	d--------	C:\WINDOWS\Cache
2007-03-31 13:01	<DIR>	d--------	C:\Program Files\Robster Productions


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-30 14:17	--------	d--------	C:\Program Files\wanadoo
2007-04-30 14:10	--------	d--------	C:\Program Files\flashget
2007-04-30 13:52	--------	d--------	C:\Program Files\mozilla firefox
2007-04-28 11:17	--------	d---s----	C:\Documents and Settings\Rodzina\Dane aplikacji\microsoft
2007-04-28 10:43	--------	d--------	C:\Documents and Settings\Rodzina\Dane aplikacji\identities
2007-04-27 19:44	--------	d--------	C:\Documents and Settings\Rodzina\Dane aplikacji\cyberlink
2007-04-27 19:39	--------	d--h-----	C:\Program Files\installshield installation information
2007-04-26 20:42	--------	d--------	C:\Program Files\maiet
2007-04-24 16:32	--------	d--------	C:\Documents and Settings\Rodzina\Dane aplikacji\bearshare
2007-04-23 14:22	--------	d--------	C:\Program Files\ea sports
2007-04-21 23:13	--------	d--------	C:\Documents and Settings\Rodzina\Dane aplikacji\skype
2007-04-21 20:26	--------	d--------	C:\Documents and Settings\Rodzina\Dane aplikacji\microsoft web folders
2007-04-21 20:25	--------	d--------	C:\Program Files\microsoft frontpage
2007-04-19 14:55	--------	d--------	C:\Documents and Settings\Rodzina\Dane aplikacji\filezilla
2007-04-18 17:48	--------	d--------	C:\Documents and Settings\Rodzina\Dane aplikacji\adobe
2007-04-15 20:50	--------	d--------	C:\Program Files\ati technologies
2007-04-09 16:42	--------	d--------	C:\Program Files\polo
2007-04-07 10:52	--------	d--------	C:\Documents and Settings\Rodzina\Dane aplikacji\help
2007-04-05 23:07	--------	d--------	C:\Program Files\gadu-gadu
2007-04-05 21:56	--------	d--------	C:\Documents and Settings\Rodzina\Dane aplikacji\divx
2007-04-05 21:09	3805	--a------	C:\WINDOWS\mozver.dat
2007-04-04 20:50	49492	--a------	C:\WINDOWS\system32\perfc015.dat
2007-04-04 20:50	355486	--a------	C:\WINDOWS\system32\perfh015.dat
2007-03-29 21:28	--------	d--h-----	C:\Program Files\windowsupdate
2007-03-29 12:48	--------	d--------	C:\Program Files\marbit
2007-03-27 15:13	--------	d--------	C:\Program Files\Common Files\adobe
2007-03-27 09:55	524288	--a------	C:\WINDOWS\system32\divxsm.exe
2007-03-27 09:55	36624	---------	C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-03-27 09:55	3596288	--a------	C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 09:55	200704	--a------	C:\WINDOWS\system32\ssldivx.dll
2007-03-27 09:55	129784	---------	C:\WINDOWS\system32\pxafs.dll
2007-03-27 09:55	118520	---------	C:\WINDOWS\system32\pxinsi64.exe
2007-03-27 09:55	1044480	--a------	C:\WINDOWS\system32\libdivx.dll
2007-03-27 09:49	73728	--a------	C:\WINDOWS\system32\dpl100.dll
2007-03-27 09:49	593920	--a------	C:\WINDOWS\system32\dpugui11.dll
2007-03-27 09:49	57344	--a------	C:\WINDOWS\system32\dpv11.dll
2007-03-27 09:49	53248	--a------	C:\WINDOWS\system32\dpugui10.dll
2007-03-27 09:49	344064	--a------	C:\WINDOWS\system32\dpus11.dll
2007-03-27 09:49	294912	--a------	C:\WINDOWS\system32\dpu11.dll
2007-03-27 09:49	294912	--a------	C:\WINDOWS\system32\dpu10.dll
2007-03-27 09:49	196608	--a------	C:\WINDOWS\system32\dtu100.dll
2007-03-27 09:48	823296	--a------	C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 09:48	823296	--a------	C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 09:48	802816	--a------	C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 09:48	639066	--a------	C:\WINDOWS\system32\divx.dll
2007-03-25 16:10	82380	--a------	C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-03-25 16:10	--------	d--------	C:\Program Files\hewlett-packard
2007-03-23 15:41	--------	d--------	C:\Documents and Settings\Rodzina\Dane aplikacji\ganymedenet
2007-03-23 14:58	--------	d--------	C:\Program Files\winamp
2007-03-21 20:08	--------	d--------	C:\Program Files\ahead
2007-03-21 20:07	--------	d--------	C:\Program Files\Common Files\ahead
2007-03-21 17:24	--------	d--------	C:\Program Files\skype
2007-03-21 16:54	--------	d--------	C:\Program Files\messenger
2007-03-21 16:46	--------	d--------	C:\Program Files\windows nt
2007-03-21 16:46	--------	d--------	C:\Program Files\movie maker
2007-03-21 16:26	--------	d--------	C:\Program Files\lavalys
2007-03-21 11:55	--------	d--------	C:\Program Files\valve
2007-03-21 11:22	--------	d--------	C:\Documents and Settings\Rodzina\Dane aplikacji\macromedia
2007-03-21 11:21	107134	--a------	C:\WINDOWS\uninstallfirefox.exe
2007-03-21 11:21	0	--a------	C:\WINDOWS\nsreg.dat
2007-03-21 11:21	--------	d--------	C:\Documents and Settings\Rodzina\Dane aplikacji\mozilla
2007-03-21 11:14	--------	d--------	C:\Program Files\sagem
2007-03-21 11:14	--------	d--------	C:\Program Files\javasoft
2007-03-21 10:36	--------	d--------	C:\Program Files\alwil software
2007-03-21 10:35	--------	d--------	C:\Documents and Settings\Rodzina\Dane aplikacji\ati
2007-03-21 10:19	--------	d--------	C:\Program Files\Common Files\installshield
2007-03-21 10:12	--------	d--------	C:\Program Files\c-media 3d audio
2007-03-21 10:03	0	-rahs----	C:\MSDOS.SYS
2007-03-21 10:03	0	-rahs----	C:\IO.SYS
2007-03-21 10:03	0	--a------	C:\CONFIG.SYS
2007-03-21 10:03	0	--a------	C:\AUTOEXEC.BAT
2007-03-21 10:01	--------	d--------	C:\Program Files\usógi online
2007-03-21 10:00	--------	d--------	C:\Program Files\Common Files\mssoap
2007-03-21 09:59	21856	--a------	C:\WINDOWS\system32\emptyregdb.dat
2007-03-21 09:58	--------	d--------	C:\Program Files\msn gaming zone
2007-03-21 09:50	62	--ahs----	C:\Documents and Settings\Rodzina\Dane aplikacji\desktop.ini
2007-03-21 09:50	--------	d--------	C:\Program Files\Common Files\speechengines
2007-03-21 09:50	--------	d--------	C:\Program Files\Common Files\odbc
2007-03-02 22:54	307200	--a------	C:\WINDOWS\system32\atidemgx.dll
2007-03-02 22:29	3107788	--a------	C:\WINDOWS\system32\ativvaxx.dat
2007-03-02 22:17	258048	--a------	C:\WINDOWS\system32\atikvmag.dll
2007-02-26 17:44	147685	--a------	C:\WINDOWS\system32\atiicdxx.dat
2007-02-16 03:40	124472	--a------	C:\WINDOWS\system32\divxcodecupdatechecker.exe
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"Gadu-Gadu"="\"C:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\Wanadoo\\TaskbarIcon.exe"
"HP Software Update"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb08.exe"
"DeviceDiscovery"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"
"Flashget"="C:\\Program Files\\FlashGet\\flashget.exe /min"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FlashGet"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\FlashGet\\FlashGet.exe\" /min"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"
	

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2354A369-FB71-4D46-AE6D-701001F6D987}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Ms M1crofost System updt"="C:\\WINDOWS\\System32\\ehuytq.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Ms M1crofost System updt"="C:\\WINDOWS\\System32\\ehuytq.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhhe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjijgh
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjklmn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpmkh
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsts

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService	REG_MULTI_SZ   	Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService	REG_MULTI_SZ   	DnsCache\0\0
rpcss	REG_MULTI_SZ   	RpcSs\0\0
imgsvc	REG_MULTI_SZ   	StiSvc\0\0
termsvcs	REG_MULTI_SZ   	TermService\0\0
HTTPFilter	REG_MULTI_SZ   	HTTPFilter\0\0



********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-30 14:24:49
C:\ComboFix2.txt ... 07-04-18 16:55