Volume Control problem

Status
Not open for further replies.

PurpleGorilla

Hi everyone, I have a rather annoying problem. At the moment, when I am gaming or listening to music, after a random number of minutes I stop hearing sound. When I check it in the volume control (speaker icon in the toolbar), my Wave volume is down to the minimum.

Please help
 
Do you have a volume control button on your mouse or keyboard that you are pressing? Do you have a combination of keys assigned to this function that you could be hitting while doing things?
 
No, at least not that I am aware of.

UPDATE:

It seems I am infected with the iexplorer.exe virus. This makes the sound go weird, but I found this out because it is a characteristic that random ads pop up. I also got messages about making IE my basic browser (I use Mozilla); I only get these when I start IE.

But now I got the problem, how to fix it?
 
HijackThis log
Under running processes, iexplorer.exe is not shown, but it was running.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:53:42, on 9-7-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
F:\Program Files(2)\GameTracker\GSInGameService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Program Files(2)\Spybot - Search & Destroy\TeaTimer.exe
F:\Dloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files(2)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - F:\Program Files(2)\GameTracker\GSInGameService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6286 bytes


Malwarebytes didn't find anything

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Databaseversie: 4293

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

9-7-2010 11:40:14
mbam-log-2010-07-09 (11-40-14).txt

Scantype: Snelle scan
Objecten gescand: 129036
Verstreken tijd: 12 minuut/minuten, 23 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
 
ComboFix 10-07-08.01 - User 09-07-2010 11:09:40.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1279.756 [GMT 2:00]
Gestart vanuit: f:\dloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((( Bestanden Gemaakt van 2010-06-09 to 2010-07-09 ))))))))))))))))))))))))))))))
.

2010-07-08 21:19 . 2010-07-08 21:19 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-08 21:19 . 2010-07-08 21:19 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-08 21:19 . 2010-07-08 21:19 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-08 21:18 . 2010-07-08 21:19 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-08 21:18 . 2010-07-08 21:18 -------- d-----w- c:\windows\system32\drivers\Avg
2010-07-08 21:11 . 2010-07-08 21:11 -------- d-----w- c:\program files\AVG
2010-07-08 21:10 . 2010-07-08 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-08 21:05 . 2010-07-08 21:05 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-07-08 21:05 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-08 21:05 . 2010-07-08 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-08 21:05 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-08 20:05 . 2010-07-08 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-08 19:57 . 2010-06-07 23:57 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-08 19:57 . 2010-06-07 23:57 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-08 19:57 . 2010-06-07 23:57 2165352 ----a-w- c:\windows\system32\nvcuvid.dll
2010-07-08 19:57 . 2010-06-07 23:57 15192064 ----a-w- c:\windows\system32\nvoglnt.dll
2010-07-08 19:57 . 2010-06-07 23:57 10531200 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-07-08 19:57 . 2010-06-07 23:57 6300544 ----a-w- c:\windows\system32\nv4_disp.dll
2010-07-08 19:57 . 2010-06-07 23:57 4554752 ----a-w- c:\windows\system32\nvcuda.dll
2010-07-08 19:57 . 2010-06-07 23:57 232040 ----a-w- c:\windows\system32\nvcodins.dll
2010-07-08 19:57 . 2010-06-07 23:57 232040 ----a-w- c:\windows\system32\nvcod.dll
2010-07-08 19:57 . 2010-06-07 23:57 1359872 ----a-w- c:\windows\system32\nvapi.dll
2010-07-08 19:57 . 2010-06-07 23:57 10256384 ----a-w- c:\windows\system32\nvcompiler.dll
2010-07-08 19:57 . 2010-07-08 19:57 -------- d-----w- C:\NVIDIA
2010-07-08 19:33 . 2008-09-24 08:40 4122368 ----a-r- c:\windows\system32\drivers\ALCXWDM.SYS
2010-07-08 19:32 . 2010-07-08 20:01 -------- d-----w- c:\program files\Realtek AC97
2010-07-08 19:32 . 2006-12-08 13:20 10528768 ----a-w- c:\windows\system32\RTLCPL.EXE
2010-07-08 19:32 . 2007-04-16 13:28 577536 ----a-w- c:\windows\SOUNDMAN.EXE
2010-07-08 19:32 . 2006-10-18 00:53 147456 ----a-w- c:\windows\system32\RTLCPAPI.dll
2010-07-08 19:32 . 2006-07-31 09:27 217088 ----a-w- c:\windows\Alcrmv.exe
2010-07-08 19:32 . 2006-07-31 09:19 315392 ----a-w- c:\windows\alcupd.exe
2010-07-08 16:44 . 2010-07-08 16:44 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-08 16:39 . 2010-07-08 16:39 -------- d-----w- c:\program files\NOS
2010-07-08 16:39 . 2010-07-08 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-08 16:39 . 2010-07-08 16:39 -------- d-----w- c:\windows\nview
2010-07-08 16:39 . 2010-07-08 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-07-08 16:31 . 2010-07-08 16:31 -------- d-----w- c:\program files\NGONVOD19147
2010-07-07 19:13 . 2010-07-07 19:13 -------- d-s---w- c:\documents and settings\LocalService\Favorieten
2010-06-29 15:34 . 2010-07-08 19:58 217756 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-06-29 15:34 . 2010-07-08 19:58 217756 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-06-29 15:34 . 2010-07-08 19:58 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-06-29 15:34 . 2010-07-08 19:59 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-29 15:30 . 2010-06-07 23:57 2186342 ----a-w- c:\windows\system32\nvdata.bin
2010-06-29 15:21 . 2010-06-29 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2010-06-28 14:17 . 2010-03-29 06:53 32576 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j00uqq2b.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-06-28 14:17 . 2010-03-29 06:53 29984 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j00uqq2b.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-06-27 10:35 . 2010-06-27 10:35 -------- d-----w- c:\documents and settings\User\Application Data\InstallShield
2010-06-27 10:35 . 2010-06-27 10:35 -------- d-----w- c:\program files\EPN werkboek-i
2010-06-23 11:36 . 2010-07-09 08:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\GameTracker
2010-06-23 11:36 . 2010-06-23 19:56 -------- d-----w- c:\documents and settings\User\Application Data\GameTracker
2010-06-22 13:59 . 2010-06-22 13:59 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-65d29db1-n\msvcp71.dll
2010-06-22 13:59 . 2010-06-22 13:59 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-65d29db1-n\jmc.dll
2010-06-22 13:59 . 2010-06-22 13:59 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-65d29db1-n\msvcr71.dll
2010-06-20 15:04 . 2010-06-20 15:04 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-20 15:04 . 2010-06-20 15:04 22328 ----a-w- c:\documents and settings\User\Application Data\PnkBstrK.sys
2010-06-20 15:04 . 2010-06-20 15:04 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-20 15:04 . 2010-06-20 15:04 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-20 15:03 . 2010-06-20 15:03 -------- d-----w- c:\windows\system32\LogFiles
2010-06-10 08:35 . 2010-06-10 08:35 -------- d-----w- c:\windows\Downloaded Installations
2010-06-10 08:32 . 2010-06-10 08:32 1221246 ----a-w- c:\windows\LightWave 3D 9 Uninstaller.exe
 
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 08:47 . 2009-11-16 13:33 -------- d-----w- c:\program files\Steam
2010-07-08 23:31 . 2009-10-05 10:47 2404 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-08 19:42 . 2009-10-05 09:41 33600 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-08 19:32 . 2009-11-16 16:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-07 20:02 . 2009-10-05 17:37 -------- d-----w- c:\program files\BitComet
2010-07-04 18:48 . 2010-02-14 09:29 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2010-06-29 20:22 . 2010-03-28 08:00 -------- d-----w- c:\program files\OpenOffice.org 3
2010-06-24 10:28 . 2006-03-02 12:00 86256 ----a-w- c:\windows\system32\perfc013.dat
2010-06-24 10:28 . 2006-03-02 12:00 499226 ----a-w- c:\windows\system32\perfh013.dat
2010-06-19 20:24 . 2009-11-16 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-19 20:01 . 2009-11-14 18:44 -------- d-----w- c:\program files\Paint.NET
2010-06-19 20:00 . 2010-04-10 10:23 -------- d-----w- c:\program files\TeamViewer
2010-06-19 18:52 . 2010-04-10 10:24 -------- d-----w- c:\documents and settings\User\Application Data\TeamViewer
2010-06-19 18:52 . 2010-01-21 15:20 -------- d-----w- c:\documents and settings\User\Application Data\MilkShape 3D 1.x.x
2010-06-19 18:47 . 2010-06-01 16:21 -------- d-----w- c:\documents and settings\User\Application Data\IObit
2010-06-19 18:09 . 2009-10-06 14:07 -------- d-----w- c:\program files\Pando Networks
2010-06-19 18:09 . 2010-03-30 16:16 -------- d-----w- c:\program files\Lavalys
2010-06-19 18:03 . 2009-10-05 15:05 -------- d-----w- c:\program files\Apple Software Update
2010-06-19 17:59 . 2009-11-08 16:17 -------- d-----w- c:\program files\LimeWire Plus
2010-06-19 17:57 . 2009-12-12 19:40 -------- d-----w- c:\program files\Common Files\Akamai
2010-06-13 20:20 . 2010-03-28 10:57 1 ----a-w- c:\documents and settings\User\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-06 19:45 . 2010-06-06 19:45 472576 ----a-w- c:\windows\Nvidia Omega Drivers v2.169.21 Uninstall.exe
2010-06-06 19:40 . 2010-05-21 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-06-06 11:54 . 2010-06-06 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-06-06 11:25 . 2009-12-03 22:23 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-06 11:06 . 2010-06-06 11:06 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-06-05 10:21 . 2010-06-05 10:21 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2010-05-31 18:36 . 2010-05-30 17:10 -------- d-----w- c:\program files\Image-Line
2010-05-30 19:10 . 2009-12-25 12:45 -------- d-----w- c:\documents and settings\User\Application Data\gtk-2.0
2010-05-30 17:10 . 2010-05-30 17:10 -------- d-----w- c:\program files\Outsim
2010-05-30 12:57 . 2010-05-30 12:23 -------- d-----w- c:\documents and settings\All Users\Application Data\KB Piano
2010-05-30 12:50 . 2010-05-30 12:50 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-05-30 12:50 . 2010-05-30 12:50 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-05-30 10:02 . 2009-12-25 12:45 -------- d-----w- c:\documents and settings\User\Application Data\enchant
2010-05-29 08:30 . 2010-05-29 08:30 503808 ----a-w- c:\documents and settings\Anderen\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-527f7b27-n\msvcp71.dll
2010-05-29 08:30 . 2010-05-29 08:30 499712 ----a-w- c:\documents and settings\Anderen\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-527f7b27-n\jmc.dll
2010-05-29 08:30 . 2010-05-29 08:30 348160 ----a-w- c:\documents and settings\Anderen\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-527f7b27-n\msvcr71.dll
2010-05-25 19:04 . 2009-11-08 17:02 -------- d-----w- c:\documents and settings\User\Application Data\LimeWirePlus
2010-05-21 17:32 . 2008-03-06 11:46 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-21 17:06 . 2009-11-17 10:49 33600 ----a-w- c:\documents and settings\Anderen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-16 13:57 . 2009-10-05 10:47 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-02 08:10 . 2006-03-02 12:00 1851392 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:35 . 2006-03-02 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09 . 2006-03-02 12:00 670208 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-04-15 05:38 . 2010-04-15 05:38 85504 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
.

------- Sigcheck -------

[-] 2009-08-06 . A089AB141D4E25E543EEC2230CB50BD6 . 68832 . . [7.4.7600.226] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2009-08-06 . CAD55A7E234B9C190C485EC5582F0BEB . 215776 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[-] 2009-08-06 . A089AB141D4E25E543EEC2230CB50BD6 . 68832 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-05-07 1238352]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="f:\program files(2)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 144384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-08 149280]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-07 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-08 2065760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-08 21:19 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
path=c:\documents and settings\User\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk
backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Start^Programma's^Opstarten^OpenOffice.org 3.2 .lnk]
path=c:\documents and settings\User\Menu Start\Programma's\Opstarten\OpenOffice.org 3.2 .lnk
backup=c:\windows\pss\OpenOffice.org 3.2 .lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-07-08 21:16 2065760 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:03 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"AVP"=2 (0x2)
"AppMgmt"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files(2)\\LightWave 3D 9\\Programs\\hub.exe"=
"f:\\Program Files(2)\\LightWave 3D 9\\Programs\\lightwav.exe"=
"f:\\Program Files(2)\\LightWave 3D 9\\Programs\\modeler.exe"=
"c:\\Program Files\\Steam\\steamapps\\brianb93\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9752:TCP"= 9752:TCP:BitComet 9752 TCP
"9752:UDP"= 9752:UDP:BitComet 9752 UDP
"57311:TCP"= 57311:TCP:pando Media Booster
"57311:UDP"= 57311:UDP:pando Media Booster
"1032:TCP"= 1032:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8-7-2010 23:19 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8-7-2010 23:19 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [8-7-2010 23:15 921440]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [8-7-2010 23:15 308136]
R2 GS In-Game Service;GS In-Game Service;f:\program files(2)\GameTracker\GSInGameService.exe [23-6-2010 13:36 1648480]
S3 cpuz130;cpuz130;\??\c:\docume~1\User\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\User\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 iatmunin;iatmunin;\??\c:\docume~1\Anderen\LOCALS~1\Temp\iatmunin.sys --> c:\docume~1\Anderen\LOCALS~1\Temp\iatmunin.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhoud van de 'Gedeelde Taken' map
.
.
------- Bijkomende Scan -------
.
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j00uqq2b.default\
FF - prefs.js: browser.startup.homepage - youtube.nl
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin9.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
f:\program files(2)\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
f:\program files(2)\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
f:\program files(2)\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
f:\program files(2)\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
f:\program files(2)\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
f:\program files(2)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
f:\program files(2)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
f:\program files(2)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
f:\program files(2)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
f:\program files(2)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
f:\program files(2)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
f:\program files(2)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
f:\program files(2)\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
f:\program files(2)\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
f:\program files(2)\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
f:\program files(2)\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
f:\program files(2)\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
f:\program files(2)\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
f:\program files(2)\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
f:\program files(2)\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
f:\program files(2)\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
f:\program files(2)\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
f:\program files(2)\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
f:\program files(2)\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
f:\program files(2)\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS VERWIJDERD - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
AddRemove-CSS Transformation Pack_is1 - e:\cstrike\unins000.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-09 11:20
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Voltooingstijd: 2010-07-09 11:24:27
ComboFix-quarantined-files.txt 2010-07-09 09:24

Pre-Run: 1.099.386.880 bytes beschikbaar
Post-Run: 1.384.255.488 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 8DFF60DF354941108F974A606DD85B3D
 