[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2008-01-20 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-20 125952]
"Smax4v"="c:\users\Martin\AppData\Roaming\Google\windep.exe" [2008-12-07 128000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"TRCMan"="c:\program files\TOSHIBA\TRCMan\TRCMan.exe" [2008-01-11 692224]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-15 448080]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-17 1295656]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-13 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-02-14 184320]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-07 1261336]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 c:\windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{806D78B3-015C-4722-9DB5-A35C81FBB93D}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe:CyberLink PowerCinema
"{D65BA80A-4847-49F9-8154-3AAD5008E39B}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMService.exe:CyberLink PowerCinema Resident Program
"{FB9826A3-C8DD-40FC-8CA4-24624870C415}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{7DE3F918-8D69-41D4-99C3-88D389826E89}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{8D419721-5E67-4049-BAC8-0508B389A962}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9B17E516-8B7E-4AB2-B9AD-8852061E167C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4FD5D316-EB6E-41D6-B39F-66E465CB2D78}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0D5F2E5D-7DA0-4AEE-A1E3-3E121C54B6CD}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{57F3CE0A-2842-40EB-A16B-34D7227038FD}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{9D0E0E46-A252-4188-9565-5682779BADFE}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{30AC1AA6-9DA1-4116-A32F-FFECFE0812A7}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{44DCE38D-4A4B-433E-A992-0FB292A86851}c:\\matov folder\\command and conquer zero hours\\game.dat"= UDP:c:\matov folder\command and conquer zero hours\game.dat:game.dat
"UDP Query User{50358FBC-9FDD-4186-9866-BC391C87A2A3}c:\\matov folder\\command and conquer zero hours\\game.dat"= TCP:c:\matov folder\command and conquer zero hours\game.dat:game.dat
"{E7979F6C-DAFE-47EF-98D2-F71C3FD1ADDA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EED1AA2E-4FB6-4646-8592-AB206234777F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D114284B-7DF2-4EE9-AC1C-2A3A90F2F65C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{4E988905-E41B-40AF-98F6-BDA806CBCB55}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{524021D1-F097-453E-AA5A-764960AEAA93}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{C554D7F9-F2D2-44FB-9FE6-DFEDB3BDC1CD}c:\\matov folder\\steam\\steamapps\\tatar@ovsiste.sk\\counter-strike source\\hl2.exe"= UDP:c:\matov folder\steam\steamapps\tatar@ovsiste.sk\counter-strike source\hl2.exe:hl2
"UDP Query User{2E0167BA-5039-46D0-82AF-3B1716FD83E2}c:\\matov folder\\steam\\steamapps\\tatar@ovsiste.sk\\counter-strike source\\hl2.exe"= TCP:c:\matov folder\steam\steamapps\tatar@ovsiste.sk\counter-strike source\hl2.exe:hl2
"TCP Query User{35ED73E0-EA0B-43EE-967C-F967D3C902DD}c:\\matov folder\\need for speed\\online\\bombd.exe"= UDP:c:\matov folder\need for speed\online\bombd.exe:bombd
"UDP Query User{A78AEE20-6E33-4669-A4DD-35646EA89CAE}c:\\matov folder\\need for speed\\online\\bombd.exe"= TCP:c:\matov folder\need for speed\online\bombd.exe:bombd
"TCP Query User{524C00A2-F853-4835-9B16-5246889C41B0}c:\\program files\\electronic arts\\need for speed prostreet\\online\\bombd.exe"= UDP:c:\program files\electronic arts\need for speed prostreet\online\bombd.exe:bombd
"UDP Query User{D8EBA051-AB7B-45F5-9151-28E6D4FAC155}c:\\program files\\electronic arts\\need for speed prostreet\\online\\bombd.exe"= TCP:c:\program files\electronic arts\need for speed prostreet\online\bombd.exe:bombd
"{E0579686-466B-49E3-9C2A-A8796B4CA121}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{0392436E-DDAD-4754-8664-EB7D5B0D40BD}c:\\matov folder\\warcraft\\war3.exe"= UDP:c:\matov folder\warcraft\war3.exe:war3
"UDP Query User{ADE20DE8-6E7A-4C3B-9DCC-E07E7396767E}c:\\matov folder\\warcraft\\war3.exe"= TCP:c:\matov folder\warcraft\war3.exe:war3
"TCP Query User{AA2BF521-86F6-4B49-A2C8-94441FC73775}c:\\program files\\proxyway\\proxyway.exe"= UDP:c:\program files\proxyway\proxyway.exe:ProxyWay
"UDP Query User{0249BE91-D34D-46EE-B331-EDF48BE979A5}c:\\program files\\proxyway\\proxyway.exe"= TCP:c:\program files\proxyway\proxyway.exe:ProxyWay
"TCP Query User{46F196B8-C8EC-48E2-9E10-C2FCC73FDF2F}c:\\matov folder\\steam\\steamapps\\tatar@ovsiste.sk\\counter-strike\\hl.exe"= UDP:c:\matov folder\steam\steamapps\tatar@ovsiste.sk\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{CB34DDAD-CE98-4AE5-AAB3-B823F67B8208}c:\\matov folder\\steam\\steamapps\\tatar@ovsiste.sk\\counter-strike\\hl.exe"= TCP:c:\matov folder\steam\steamapps\tatar@ovsiste.sk\counter-strike\hl.exe:Half-Life Launcher
"{CFC5482D-2D8A-4EDF-B2B2-A6BA3B5D1E6F}"= UDP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{C07CDB9A-B733-40D1-B8BD-BE45063FFD7A}"= TCP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{09D0BEE4-FB96-4F5C-8008-C4EE1D929411}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-07 97928]
R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20081014.001\IDSvix86.sys [2008-10-14 270384]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-06-16 20352]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-07 231704]
R2 ConfigFree Service;ConfigFree Service;"c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe" [2007-12-25 40960]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;"c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe" [2007-12-03 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2008-02-12 7168]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 38200]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-06-16 937984]
*Newly Created Service* - AVGLDX86
*Newly Created Service* - AVGMFX86
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-12-07 c:\windows\Tasks\User_Feed_Synchronization-{3FB2D258-458C-4224-B88B-8FAC9435781D}.job
- c:\windows\system32\msfeedssync.exe [2008-01-20 20:24]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 127.0.0.1:81
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FireFox -: Profile - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\hvpvdt9f.default\
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\VistaCodecPack\QT\Plugins\npqtplugin.dll
FF -: plugin - c:\program files\VistaCodecPack\QT\Plugins\npqtplugin2.dll
FF -: plugin - c:\program files\VistaCodecPack\QT\Plugins\npqtplugin3.dll
FF -: plugin - c:\program files\VistaCodecPack\QT\Plugins\npqtplugin4.dll
FF -: plugin - c:\program files\VistaCodecPack\QT\Plugins\npqtplugin5.dll
FF -: plugin - c:\program files\VistaCodecPack\QT\Plugins\npqtplugin6.dll
FF -: plugin - c:\program files\VistaCodecPack\QT\Plugins\npqtplugin7.dll
FF -: plugin - c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 15:26:20
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(580)
c:\users\Martin\AppData\Roaming\Google\dplsmjk.dll
.
Completion time: 2008-12-07 15:27:25
ComboFix-quarantined-files.txt 2008-12-07 21:27:19
Pre-Run: 142,660,608,000 bytes free
Post-Run: 142,781,079,552 bytes free
233 --- E O F --- 2008-12-04 17:19:19