Win Vista startup slow due to driver

Miloetje

My Windows Vista Home Premium 32-bit, Intel Core 2 with 3 GB of internal memory, starts up slowly. Using the Advanced Tools option under the Windows performance index, I can see that 3 programs are responsible for this (see attachment). However, I cannot trace them in any way (not under msconfig, not via CCleaner, not via Windows Defender). Does anyone have any idea?
Incidentally, the computer otherwise works perfectly after the slow startup!
 

Attachments

  • Knipsel.JPG
Re: Vista startup slow due to driver

That points to a malware infection!

Download, install and keep using MBAM (CLICK)
  • Right after installation MBAM will want to update its database, so allow that.
  • Also on repeated use: first update MBAM via the Update tab!
  • Start MBAM and choose Quick Scan
  • N.B.: Vista users start MBAM by right-clicking and then choosing Run as Administrator.
  • The scan can take a while, so be patient.
  • When the scan is complete, click the OK button
  • Then click the Show Results button to see the results.
  • Make sure everything is checked.
  • Then click: Remove Selected.
  • After removal a log will open and you will be asked to restart the computer.
  • The log is saved automatically by MBAM and you can find it by clicking the Logs tab in MBAM.
  • If MBAM has difficulty removing certain files it will show a few messages; click OK each time!
  • After that MBAM will ask to restart the computer, so allow the computer to be restarted.

If the rootkit (TDSS) is present, MBAM will also ask to restart. Do so.
MBAM will then scan again after the restart and remove the rootkit.

Post the log.
 
Re: Vista startup slow due to driver

Hi Abraham, attached is the log file. By the looks of it, it was worse than I had expected.

Thanks already for this quick response
 


Re: Vista startup slow due to driver

Ahem, a Vundo infection.

How is your Windows doing now?
Because follow-up treatment may well be really necessary!
 
Re: Vista startup slow due to driver

Startup is still not super fast, but under Advanced Tools I no longer see the message coming back that I attached in the first post. I also did a full scan with MBAM, which turned up nothing more. And I also ran Vundofix.exe (version 7.0), which also turned up nothing.
 
Re: Vista startup slow due to driver

Therefore do the following: download Combofix to your desktop to have your Windows scanned (CLICK).

Also important: how to use Combofix properly? (CLICK)
If Combofix ends up in the download folder of Vista/Windows 7, first move Combofix to the desktop
 
Re: Vista startup slow due to driver

Attached is the result, I'm curious!

[hjt]
combofix 10-04-10.02 - patje 11-04-2010 15:58:13.1.2 - x86
microsoft windows vista home premium 6.0.6001.1.1252.31.1043.18.3070.2222 [gmt 2:00]
gestart vanuit: c:\users\patje\desktop\combofix.exe
sp: spybot - search and destroy *disabled* (updated) {ed588faf-1b8f-43b4-aca8-8e3c85dadbe9}
.
ads - windows: deleted 24 bytes in 1 streams.
(((((((((((((((((((((((((((((((((( andere verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\s-1-5-21-3691576666-3706752153-3734997459-1003
.
(((((((((((((((((((( bestanden gemaakt van 2010-03-11 to 2010-04-11 ))))))))))))))))))))))))))))))
.
2010-04-11 14:05 . 2010-04-11 14:05 -------- d-----w- c:\users\patje\appdata\local\temp
2010-04-11 12:52 . 2010-04-11 12:52 -------- d-----w- c:\vundofix backups
2010-04-11 10:51 . 2010-04-11 10:51 -------- d-----w- c:\users\patje\appdata\roaming\malwarebytes
2010-04-11 10:51 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-11 10:51 . 2010-04-11 10:51 -------- d-----w- c:\programdata\malwarebytes
2010-04-11 10:51 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-09 19:24 . 2010-04-09 19:24 688128 ----a-w- c:\programdata\mgs\cache\t\transition_gao_apr_2010.791a557334b6a04d9e4145fe55634dc0.dll
2010-04-09 19:24 . 2010-04-09 19:24 626688 ----a-w- c:\programdata\mgs\cache\g\gamble2_gao_apr_2010.79da078c1366250640dc5a6500c321de.dll
2010-04-09 19:24 . 2010-04-09 19:24 1585152 ----a-w- c:\programdata\mgs\cache\a\advancedslots1_gao_apr_2010.022c08b32efc0c5396c90a2264e8b41f.dll
2010-04-09 19:24 . 2010-04-09 19:24 1069056 ----a-w- c:\programdata\mgs\cache\a\advancedslots1xxx_gao_apr_2010.2199d362fdef45f7fa87f3ad5772e9c0.dll
2010-04-09 19:24 . 2010-04-09 19:24 933888 ----a-w- c:\programdata\mgs\cache\s\simplepickxofybonus_gao_apr_2010.7451c7a7403bac527dc9e91858d66a35.dll
2010-04-09 19:14 . 2010-04-09 19:14 94208 ----a-w- c:\programdata\mgs\cache\l\lua51host.668670e33723f8f8763a1e128bf0ba1b.dll
2010-04-09 19:13 . 2010-04-09 19:13 61440 ----a-w- c:\programdata\mgs\cache\v\void.ad81709fa9924561f9a166574fbcd583.dll
2010-04-09 19:13 . 2010-04-09 19:13 430080 ----a-w- c:\programdata\mgs\cache\m\menucore.8994833bb1ff066b3216bdecd5a9f4c6.dll
2010-04-09 14:49 . 2010-04-09 14:49 -------- d-----w- c:\users\patje\appdata\roaming\avg9
2010-04-08 11:27 . 2010-04-08 11:27 -------- d-----w- c:\program files\nch software
2010-04-08 11:24 . 2010-04-08 11:24 -------- d-----w- c:\programdata\nch swift sound
2010-04-08 11:24 . 2010-04-08 11:24 -------- d-----w- c:\program files\nch swift sound
2010-04-08 11:24 . 2010-04-08 11:24 -------- d-----w- c:\users\patje\appdata\roaming\nch swift sound
2010-04-01 17:37 . 2010-04-01 17:37 221184 ----a-w- c:\programdata\mgs\cache\g\goldseriestripleactionholdempokerstatsplugin.5e32c61188363218acf114870d90241e.dll
2010-04-01 17:37 . 2010-04-01 17:37 540672 ----a-w- c:\programdata\mgs\cache\g\goldseriestripleactionholdempokerxxx.e854f9f411ec0d8827ade1c7aef58516.dll
2010-04-01 17:37 . 2010-04-01 17:37 671744 ----a-w- c:\programdata\mgs\cache\g\goldseriestripleactionholdempokerplugin.f55f8f2fd50979a9ee32bc4e38796bdc.dll
2010-04-01 17:36 . 2010-04-01 17:36 851968 ----a-w- c:\programdata\mgs\cache\b\biathlonbonus.1867224e07f193acaf7efbba325b104b.dll
2010-04-01 17:36 . 2010-04-01 17:36 1064960 ----a-w- c:\programdata\mgs\cache\a\advancedslots1xxx_gao_feb_2010.78a92f7abf80927925a5a04a8a7a481e.dll
2010-04-01 17:36 . 2010-04-01 17:36 847872 ----a-w- c:\programdata\mgs\cache\s\skateskiingbonus.1e05deb9d58eaa64b9e713886fa55db6.dll
2010-04-01 17:36 . 2010-04-01 17:36 843776 ----a-w- c:\programdata\mgs\cache\b\bobsleighbonus.356384aca809d8c83267afe4901796dd.dll
2010-04-01 17:36 . 2010-04-01 17:36 1232896 ----a-w- c:\programdata\mgs\cache\l\lovepotionbonus.26212e95341ecdba1e5c1d54ed29f8e1.dll
2010-04-01 17:36 . 2010-04-01 17:36 626688 ----a-w- c:\programdata\mgs\cache\g\gamble2_gao_feb_2010.970a443b3bdc2b8c33dfd5bf701780cf.dll
2010-04-01 17:36 . 2010-04-01 17:36 684032 ----a-w- c:\programdata\mgs\cache\t\transition_gao_feb_2010.d21e90b2a2cc4ebc389bcfd4fc0416dc.dll
2010-04-01 17:36 . 2010-04-01 17:36 847872 ----a-w- c:\programdata\mgs\cache\w\wheelbonus.75b36445efb15d4c2d14a7600496c6a2.dll
2010-04-01 17:36 . 2010-04-01 17:36 1581056 ----a-w- c:\programdata\mgs\cache\a\advancedslots1_gao_feb_2010.b0456ffafe9833a9cb73d756fc6bdec3.dll
2010-04-01 17:22 . 2010-04-01 17:22 708608 ----a-w- c:\programdata\mgs\cache\t\transition_gao_mar_2010.00e558dbf98f160d236f0e738de93c37.dll
2010-04-01 17:22 . 2010-04-01 17:22 1650688 ----a-w- c:\programdata\mgs\cache\a\advancedslots1_gao_mar_2010.011b7c042032e11252156706d78b5e83.dll
2010-04-01 17:22 . 2010-04-01 17:22 950272 ----a-w- c:\programdata\mgs\cache\s\simplepickxofybonus_gao_mar_2010.e5e91d49a18e4440b5a76ddd6446140c.dll
2010-04-01 17:22 . 2010-04-01 17:22 1224704 ----a-w- c:\programdata\mgs\cache\a\advancedslots1xxx_gao_mar_2010.05a7fd71980574f91eb4c1420f71b1f7.dll
2010-04-01 17:20 . 2010-04-01 17:20 684032 ----a-w- c:\programdata\mgs\cache\a\arcticfortunetransition.cdb6c11f100d3a3cb0c0550c21b277e4.dll
2010-04-01 17:20 . 2010-04-01 17:20 1568768 ----a-w- c:\programdata\mgs\cache\a\arcticfortune.b328b57943682e2d7fd4847916ff9b2b.dll
2010-04-01 17:20 . 2010-04-01 17:20 1232896 ----a-w- c:\programdata\mgs\cache\a\arcticfortune_gspider.770d41ad6c8d6246716f0968e4501795.dll
2010-04-01 17:20 . 2010-04-01 17:20 1236992 ----a-w- c:\programdata\mgs\cache\a\arcticfortune_spiderbonus.c6f7df06987955caf77bb513ebf7e5b5.dll
2010-04-01 17:20 . 2010-04-01 17:20 1064960 ----a-w- c:\programdata\mgs\cache\a\arcticfortunexxx.88b69b79191872d92329d1cfa9817586.dll
2010-04-01 17:20 . 2010-04-01 17:20 1224704 ----a-w- c:\programdata\mgs\cache\a\arcticfortune_crankbonus.79fd1aae910e128f743d90232d089b3b.dll
2010-04-01 17:13 . 2010-04-01 17:13 1572864 ----a-w- c:\programdata\mgs\cache\a\advancedslots1_hellboy.cde3facca4e62dd1980118b9f69c127f.dll
2010-04-01 17:13 . 2010-04-01 17:13 1572864 ----a-w- c:\programdata\mgs\cache\a\advancedslots1_gao_jan_2010.27798ac5c513c88d4f74b2fc87b9bf6e.dll
2010-04-01 17:13 . 2010-04-01 17:13 626688 ----a-w- c:\programdata\mgs\cache\g\gamble2_hellboy.ef7dfe9e02564671f52a95d839e51b8d.dll
2010-04-01 17:13 . 2010-04-01 17:13 1064960 ----a-w- c:\programdata\mgs\cache\a\advancedslots1xxx_hellboy.0200f4406079039e4f9f4fd4269c6144.dll
2010-04-01 17:13 . 2010-04-01 17:13 684032 ----a-w- c:\programdata\mgs\cache\t\transition_hellboy.2389dbbb7a92af30b5bb4e62701f18a5.dll
2010-04-01 17:13 . 2010-04-01 17:13 626688 ----a-w- c:\programdata\mgs\cache\g\gamble2_gao_jan_2010.114da6697b16a4308920de3f00df9d11.dll
2010-04-01 17:13 . 2010-04-01 17:13 684032 ----a-w- c:\programdata\mgs\cache\t\transition_gao_jan_2010.6ce545b01335b0127c2a55cc392a24e6.dll
2010-04-01 17:13 . 2010-04-01 17:13 1064960 ----a-w- c:\programdata\mgs\cache\a\advancedslots1xxx_gao_jan_2010.d3c0a2c195757b5887793e496479436f.dll
2010-04-01 17:13 . 2010-04-01 17:13 925696 ----a-w- c:\programdata\mgs\cache\s\simplepickxofybonus_gao_jan_2010.734d2ae11536c3d1a34ecdb91aaab798.dll
2010-04-01 17:13 . 2010-04-01 17:13 925696 ----a-w- c:\programdata\mgs\cache\s\simplepickxofybonus_hellboy.ee1c177b2b367dc15184591e57db5798.dll
2010-04-01 17:12 . 2010-04-01 17:12 1478656 ----a-w- c:\programdata\mgs\cache\a\advancedslots1_novgao_09.51f332de91be61de7b100bafa017beaa.dll
2010-04-01 17:11 . 2010-04-01 17:11 258320 ----a-w- c:\programdata\mgs\cache\p\progvideopokersuite1.ca99dc47db380f019d0fe151171f8ad1.dll
2010-04-01 17:10 . 2010-04-01 17:10 246032 ----a-w- c:\programdata\mgs\cache\p\powerpokersuite1_nl.4b954e6e9e7bfe3947a12889040c706e.dll
2010-04-01 17:10 . 2010-04-01 17:10 225552 ----a-w- c:\programdata\mgs\cache\v\videopokersuite1.e45a40be28c5bc5514b9e806f30cdc6f.dll
2010-04-01 17:10 . 2010-04-01 17:10 290922 ----a-w- c:\programdata\mgs\cache\m\mpvcommunityslotsplugin.3d81e7021617be93688755b2da22dceb.dll
2010-04-01 17:10 . 2010-04-01 17:10 262252 ----a-w- c:\programdata\mgs\cache\w\wheelofwealthbonusplugin.92047ad5bdc826b2122a71a16afa227d.dll
2010-04-01 17:10 . 2010-04-01 17:10 98390 ----a-w- c:\programdata\mgs\cache\s\singleobjects.8ee24693860e1ddd1e27939e8eb192aa.dll
2010-04-01 17:10 . 2010-04-01 17:10 282699 ----a-w- c:\programdata\mgs\cache\s\slotxxx.d425f74ccb6f6455be09ebe426c90c75.dll
2010-04-01 17:10 . 2010-04-01 17:10 110674 ----a-w- c:\programdata\mgs\cache\s\slotdialogs.af11d23675e8fe4926883303d283fbd7.dll
2010-04-01 17:05 . 2010-04-01 17:05 589824 ----a-w- c:\programdata\mgs\cache\b\bjgoldplugin.794fbb37693eb8ea0687d012b6697332.dll
2010-04-01 16:28 . 2010-04-01 16:28 94208 ----a-w- c:\programdata\mgs\cache\l\lua51host.48a3eef79f6c47686708765ba7191022.dll
2010-04-01 16:28 . 2010-04-01 16:28 1552384 ----a-w- c:\programdata\mgs\cache\a\advancedslots1_scrooge.4a74d6dca5f468cf9ff454c064d74e05.dll
2010-04-01 16:05 . 2010-04-01 16:05 913680 ----a-w- c:\programdata\mgs\cache\a\advancedslots1_temp.1f8183fa66e67576038aca6f8bbaa5aa.dll
2010-04-01 16:05 . 2010-04-01 16:05 307300 ----a-w- c:\programdata\mgs\cache\m\mpvblackjackplugin.0b33c40e992b0cec60ff557d251457d2.dll
2010-04-01 16:05 . 2010-04-01 16:05 335976 ----a-w- c:\programdata\mgs\cache\m\mpvtabletournamentlobby.fc620794b1b18938b640573c722b3922.dll
2010-04-01 16:05 . 2010-04-01 16:05 311398 ----a-w- c:\programdata\mgs\cache\m\mpvblackjacktourxxx.96f2985eb296e0eeb1592aacd45d6e4c.dll
2010-04-01 16:04 . 2010-04-01 16:04 430080 ----a-w- c:\programdata\mgs\cache\m\menucore.08595c16f56be7b6980f488c077ad03d.dll
2010-03-26 12:37 . 2010-04-11 13:55 -------- d-----w- c:\program files\blue coat k9 web protection
2010-03-21 18:12 . 2010-03-21 18:12 -------- d-----w- c:\programdata\ahead
2010-03-14 09:29 . 2010-03-14 09:32 -------- d-----w- c:\users\patje\appdata\local\bearshare
.
((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 14:02 . 2006-11-02 16:11 714616 ----a-w- c:\windows\system32\perfh013.dat
2010-04-11 14:02 . 2006-11-02 16:11 148342 ----a-w- c:\windows\system32\perfc013.dat
2010-04-11 13:26 . 2009-09-28 12:14 71119 ----a-w- c:\programdata\nvmodes.dat
2010-04-11 13:02 . 2007-12-02 11:05 680 ----a-w- c:\users\patje\appdata\local\d3d9caps.dat
2010-04-10 15:20 . 2009-09-29 19:08 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-09 14:55 . 2007-05-26 10:22 -------- d-----w- c:\programdata\spybot - search & destroy
2010-04-09 07:24 . 2007-05-15 09:08 -------- d-----w- c:\users\patje\appdata\roaming\image zone express
2010-03-21 18:11 . 2007-02-09 13:01 -------- d-----w- c:\program files\common files\ahead
2010-03-21 18:10 . 2007-02-09 13:01 -------- d-----w- c:\programdata\nero
2010-03-14 16:53 . 2007-02-09 12:34 -------- d--h--w- c:\program files\installshield installation information
2010-03-13 08:35 . 2009-11-15 20:23 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-13 08:35 . 2009-11-15 20:23 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-13 08:35 . 2009-11-15 20:23 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-12 08:11 . 2007-03-21 20:56 116536 ----a-w- c:\users\patje\appdata\local\gdipfontcachev1.dat
2010-03-12 08:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\windows mail
2010-03-06 12:08 . 2009-01-23 08:44 -------- d-----w- c:\users\patje\appdata\roaming\belastingdienst
2010-02-24 08:16 . 2009-10-10 08:49 181632 ------w- c:\windows\system32\mpsigstub.exe
2010-02-23 06:39 . 2010-04-10 09:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-10 09:24 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-04-10 09:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-04-10 09:24 133632 ----a-w- c:\windows\system32\ieunatt.exe
2010-02-22 20:18 . 2010-02-22 20:18 -------- d-----w- c:\programdata\office genuine advantage
2010-02-22 19:55 . 2009-07-02 17:22 -------- d-----w- c:\programdata\microsoft help
2010-02-22 19:54 . 2009-07-02 17:28 -------- d-----w- c:\program files\microsoft works
2010-02-22 18:19 . 2007-03-22 13:48 -------- d-----w- c:\programdata\nvidia
2010-02-22 18:18 . 2009-09-27 16:28 -------- d-----w- c:\program files\nvidia corporation
2010-02-22 18:18 . 2007-05-24 12:18 -------- d-----w- c:\program files\common files\wise installation wizard
2010-02-22 18:18 . 2009-01-24 12:39 -------- d-----w- c:\program files\ageia technologies
2010-02-21 13:05 . 2008-03-09 16:18 -------- d-----w- c:\program files\microsoft silverlight
2010-02-20 23:39 . 2010-03-12 07:12 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-12 07:12 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-12 07:12 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-14 16:59 . 2008-07-28 18:09 66872 ----a-w- c:\windows\system32\pnkbstra.exe
2010-02-12 10:48 . 2010-03-12 07:56 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-25 12:48 . 2010-03-12 07:58 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-03-12 07:58 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-03-12 07:58 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-03-12 07:58 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-03-12 07:58 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-03-12 07:58 346624 ----a-w- c:\windows\system32\rmactivate_ssp_isv.exe
2010-01-25 08:35 . 2010-03-12 07:58 523776 ----a-w- c:\windows\system32\rmactivate_isv.exe
2010-01-25 08:34 . 2010-03-12 07:58 511488 ----a-w- c:\windows\system32\rmactivate.exe
2010-01-25 08:34 . 2010-03-12 07:58 347136 ----a-w- c:\windows\system32\rmactivate_ssp.exe
2010-01-23 09:44 . 2010-02-24 09:18 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-22 14:04 . 2007-03-24 15:22 115968 ----a-w- c:\users\administrator\appdata\local\gdipfontcachev1.dat
2010-01-15 10:39 . 2010-01-15 10:39 1482752 ----a-w- c:\programdata\mgs\cache\a\advancedslots1_septgao_09.7dc488ed3eadaa7b6b5d08dbca4c71cf.dll
2010-01-15 10:39 . 2010-01-15 10:39 1609728 ----a-w- c:\programdata\mgs\cache\a\advancedslots1_tggg.1a1d0cf38dbf32cac78a651320f71d98.dll
2010-01-15 10:39 . 2010-01-15 10:39 417883 ----a-w- c:\programdata\mgs\cache\m\mptadvancedslots.ffdb8625479be3b53b8d19f7d778e3ab.dll
2010-01-15 10:39 . 2010-01-15 10:39 1478656 ----a-w- c:\programdata\mgs\cache\a\advancedslots1_wealthspa.1d6c52060a19ffc8e8529c6648d8f610.dll
2010-01-15 10:39 . 2010-01-15 10:39 823568 ----a-w- c:\programdata\mgs\cache\a\advancedslots1_temp2.46a4643f83fb4fee5edbd7b72ebf781d.dll
2010-01-15 10:39 . 2010-01-15 10:39 1638400 ----a-w- c:\programdata\mgs\cache\a\advancedslots1_summerholiday.246c971e5683180dd3d0e381fb6d8651.dll
2010-01-15 10:39 . 2010-01-15 10:39 823568 ----a-w- c:\programdata\mgs\cache\a\advancedslots1.a5649140bdbd3a1f7c08b381be6f0a22.dll
2010-01-15 10:39 . 2010-01-15 10:39 1482752 ----a-w- c:\programdata\mgs\cache\a\advancedslots1_octgao_09.27dbd220adee9f16140622d34764fadb.dll
2010-01-15 10:39 . 2010-01-15 10:39 1626112 ----a-w- c:\programdata\mgs\cache\a\advancedslots1_flightzone.120e06d45a565cdc8a97a294773b7eb8.dll
2010-01-15 10:39 . 2010-01-15 10:39 213090 ----a-w- c:\programdata\mgs\cache\m\mptleaderboard.5a678c57a8ed645b49592a1121fd619f.dll
2010-01-15 10:38 . 2010-01-15 10:38 61440 ----a-w- c:\programdata\mgs\cache\v\void.5906d6629c0a883b5e8bb60494d24d1d.dll
2010-01-15 10:38 . 2010-01-15 10:38 430080 ----a-w- c:\programdata\mgs\cache\m\menucore.ee2856a9488e195d9b901fec63be0951.dll
2010-01-11 21:18 . 2010-01-11 21:18 962664 ----a-w- c:\windows\system32\nvsvc.dll
2010-01-11 21:18 . 2010-01-11 21:18 1515112 ----a-w- c:\windows\system32\nvsvcr.dll
2010-01-11 21:18 . 2010-01-11 21:18 13679720 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 21:18 . 2010-01-11 21:18 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-01-11 21:18 . 2010-01-11 21:18 110696 ----a-w- c:\windows\system32\nvmctray.dll
2008-03-14 07:48 . 2008-03-14 07:47 24 --sha-w- c:\windows\s5a616adf(169).tmp
2008-03-14 07:48 . 2008-03-14 07:47 24 --sha-w- c:\windows\s5a616adf(231).tmp
2008-03-14 07:48 . 2008-03-14 07:47 24 --sha-w- c:\windows\s5a616adf(690).tmp
2008-03-14 07:48 . 2008-03-14 07:47 24 --sh--w- c:\windows\s5a616adf.tmp
.
((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
[hkey_current_user\software\microsoft\windows\currentversion\run]
"wmpnscfg"=c:\program files\windows media player\wmpnscfg.exe [2008-01-19 202240]
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"rthdvcpl"="rthdvcpl.exe" [2007-01-18 4349952]
"quicktime task"=c:\program files\quicktime\qttask.exe [2007-04-30 77824]
c:\users\patje\appdata\roaming\microsoft\windows\start menu\programs\startup\~disabled
onenote 2007 schermopname en snel starten.lnk - c:\program files\microsoft office\office12\onenotem.exe [2008-10-25 98696]
[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]
"enablelua"= 0 (0x0)
"enableuiadesktoptoggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\avgrsstx.dll
[hkey_local_machine\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\windefend]
@="service"
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\adobe reader speed launcher]
2009-12-18 07:58 40368 ----a-w- c:\program files\adobe\reader 8.0\reader\reader_sl.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\shockwave updater]
2008-08-06 14:30 447928 ----a-w- c:\windows\system32\adobe\shockwave 11\swhelper_1100465.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched]
2009-10-11 03:17 149280 ----a-w- c:\program files\java\jre6\bin\jusched.exe
[hkey_local_machine\software\microsoft\security center\svc\s-1-5-21-3691576666-3706752153-3734997459-1000]
"enablenotificationsref"=dword:00000001
[hkey_local_machine\software\microsoft\security center\svc\s-1-5-21-3691576666-3706752153-3734997459-500]
"enablenotificationsref"=dword:00000001
r0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-11-14 717296]
r3 3xhybrid;philips saa713x pci card;c:\windows\system32\drivers\3xhybrid.sys [2007-01-08 1136600]
r3 fnetthjm;freecom turbo usb 2.0;c:\windows\system32\drivers\fnetthjm.sys [2009-08-22 23936]
r3 ggflt;semc usb flash driver filter;c:\windows\system32\drivers\ggflt.sys [2009-05-22 13224]
r3 hitmanpro3;hitman pro 3 support driver;c:\windows\system32\drivers\hitmanpro3.sys [x]
r3 jgameenp;jgameenp;c:\users\patje\appdata\local\temp\jgameenp.sys [x]
r3 snp325;usb pc camera (snpstd325);c:\windows\system32\drivers\snp325.sys [x]
r4 ramdisk;ar soft ram disk service;c:\windows\system32\drivers\ramdisk.sys [2008-02-10 10431]
s1 avgldx86;avg free avi loader driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-03-13 216200]
s1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2009-12-11 74088]
s2 acedrv06;acedrv06;c:\windows\system32\drivers\acedrv06.sys [2007-08-07 99840]
s2 avg9wd;avg free watchdog;c:\program files\avg\avg9\avgwdsvc.exe [2010-03-13 308064]
s2 bckwfs;blue coat k9 web protection;c:\program files\blue coat k9 web protection\k9filter.exe [2009-12-11 1078632]
s2 sbsdwscservice;sbsd security center service;c:\program files\spybot - search & destroy\sdwinsec.exe [2008-01-28 810320]
s3 netr73;rt73 usb wireless lan card driver for vista;c:\windows\system32\drivers\netr73.sys [2008-02-26 493568]
s3 ph3xib32;philips 713x inbox pci tv card;c:\windows\system32\drivers\ph3xib32.sys [2007-04-03 1131136]
s3 x10hid;x10 hid device;c:\windows\system32\drivers\x10hid.sys [2006-11-17 13976]
[hkey_local_machine\software\microsoft\windows nt\currentversion\svchost]
hpz12 reg_multi_sz pml driver hpz12 net driver hpz12
hpdevmgmt reg_multi_sz hpqcxs08 hpqddsvc
.
inhoud van de 'gedeelde taken' map
2010-04-11 c:\windows\tasks\user_feed_synchronization-{8439a80f-6754-45b6-ba01-383c6be1b189}.job
- c:\windows\system32\msfeedssync.exe [2010-04-10 04:54]
2010-04-10 c:\windows\tasks\user_feed_synchronization-{f75e5687-b71b-4ad8-9e48-ec2a3f5d4a75}.job
- c:\windows\system32\msfeedssync.exe [2010-04-10 04:54]
.
.
------- bijkomende scan -------
.
ustart page = hxxp://www.google.nl/
uinternet settings,proxyoverride = *.local
ie: {{b4b52284-a248-4c51-9f7c-f0a0c67fcc9d} - c:\programs\partygaming\partycasino\runcasino.exe
ie: {{c53bfcfc-7a54-4627-aeba-2cd4871fca97} - c:\microgaming\poker\unibetpokermpp\mppoker.exe
tcp: {2dd39030-53fc-407b-adf9-670b2fa466ba} = 62.45.45.45,62.45.46.46
tcp: {a8e48d0a-0287-4071-ade6-1670743f04be} = 62.45.45.45,62.45.46.46
dpf: {63d6dd13-c913-466d-9444-9357561e4d94} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab
.
- - - - orphans verwijderd - - - -
bho-{0eaaec6b-382f-45f9-986d-42b21bed1a6b} - (no file)
toolbar-locked - (no file)
addremove-need for speed high stakes - j:\nfshs\uninst.isu
**************************************************************************
catchme 0.3.1398 w2k/xp/vista - rootkit/stealth malware detector by gmer, [noparse]http://www.gmer.net[/noparse]
rootkit scan 2010-04-11 16:05
windows 6.0.6001 service pack 1 ntfs
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- vergrendelde register sleutels ---------------------
[hkey_users\s-1-5-21-3691576666-3706752153-3734997459-1000\software\securom\license information*]
"datasecu"=hex:4f,f4,e2,dc,f7,b6,e8,87,37,29,34,34,72,43,52,e3,ba,a2,17,0d,1e,
6a,1b,ab,1a,ff,5b,c5,88,f0,b5,ee,c6,a1,6e,9f,31,e7,ef,47,ea,3b,63,1f,7d,8f,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
voltooingstijd: 2010-04-11 16:07:59
combofix-quarantined-files.txt 2010-04-11 14:07
pre-run: 38.739.906.560 bytes beschikbaar
post-run: 38.686.236.672 bytes beschikbaar
- - end of file - - 09a2de6754ffebef41600676e3286b1a

[/hjt]
 
Re: Vista startup slow due to driver

Google doesn't know it!

What is this: goldseriestripleactionholdempoker and where does it come from?
 
Re: Vista startup slow due to driver

I have Unibet poker on it, and PartyPoker. Besides that it could be from Hoyle Casino 3D. Beyond that it means nothing to me.
 
Re: Vista startup slow due to driver

Hello Milou, first do the following now:

Download and install HijackThis Version 2.03 (click)
  • Install HijackThis in the indicated location; only then can HijackThis make backups!
  • N.B.: Users of Windows Vista and Windows 7 start the tool by right-clicking and then clicking Run as Administrator!
  • Now close all open windows, then start HijackThis and choose Do a system scan and save a logfile
  • Go to DDRMMR's colour coder (Click)
  • Copy and paste the contents of the logfile into the window and click the Converteer (Convert) button
  • Copy and paste the contents of the colour coder into your follow-up post.
  • Also post an Uninstall list:
  • start HijackThis,
  • click the Open the Misc Tools section button,
  • click the Open Uninstall Manager button
  • Click the Save button.
 
Re: Vista startup slow due to driver

and attached is the log; I'll post the uninstall list after this:

[hjt]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:52, on 11-4-2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
c:\windows\system32\taskeng.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\conime.exe
c:\windows\explorer.exe
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\avg\avg9\avgtray.exe
c:\windows\system32\searchfilterhost.exe
c:\program files\trend micro\hijackthis\hijackthis.exe
c:\windows\system32\searchprotocolhost.exe

r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.google.nl/[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
o1 - hosts: ::1 localhost
o2 - bho: adobe pdf reader help bij koppelingen - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
o2 - bho: spybot-s&d ie protection - {53707962-6f74-2d53-2644-206d7942484f} - j:\spybot~1\sdhelper.dll
o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
o2 - bho: search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
o2 - bho: ssvhelper class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
o2 - bho: windows live aanmelden - help - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: windows live toolbar helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
o3 - toolbar: &windows live toolbar - {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
o4 - hklm\..\run: [rthdvcpl] rthdvcpl.exe
o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
o4 - hkcu\..\run: [wmpnscfg] c:\program files\windows media player\wmpnscfg.exe
o4 - startup: ~disabled
o9 - extra button: verzenden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~3\office12\onbttnie.dll
o9 - extra 'tools' menuitem: verz&enden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~3\office12\onbttnie.dll
o9 - extra button: skype - {77bf5300-1474-4ec7-9980-d32b190e9b07} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~3\office12\refiebar.dll
o9 - extra button: partycasino.com - {b4b52284-a248-4c51-9f7c-f0a0c67fcc9d} - c:\programs\partygaming\partycasino\runcasino.exe
o9 - extra 'tools' menuitem: partycasino.com - {b4b52284-a248-4c51-9f7c-f0a0c67fcc9d} - c:\programs\partygaming\partycasino\runcasino.exe
o9 - extra button: partypoker.com - {b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} - c:\programs\partygaming\partypoker\runapp.exe
o9 - extra 'tools' menuitem: partypoker.com - {b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} - c:\programs\partygaming\partypoker\runapp.exe
o9 - extra button: unibet poker - {c53bfcfc-7a54-4627-aeba-2cd4871fca97} - c:\microgaming\poker\unibetpokermpp\mppoker.exe
o9 - extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - j:\spybot~1\sdhelper.dll
o9 - extra 'tools' menuitem: spybot - search & destroy configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - j:\spybot~1\sdhelper.dll
o16 - dpf: {1e54d648-b804-468d-bc78-4affed8e262f} (system requirements lab) - http://www.nvidia.com/content/driverdownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
o16 - dpf: {63d6dd13-c913-466d-9444-9357561e4d94} (upload-applicatie control) - http://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab
o16 - dpf: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (muwebcontrol class) - http://www.update.microsoft.com/microsoftupdate/v6/v5controls/en/x86/client/muweb_site.cab?1258397920119
o16 - dpf: {73ecb3aa-4717-450c-a2ab-d00dad9ee203} (gmnrev class) - http://h20270.www2.hp.com/ediags/gmn2/install/hpproductdetection2.cab
o16 - dpf: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - http://platformdl.adobe.com/nos/getplusplus/1.6/gp.cab
o16 - dpf: {ffb3a759-98b1-446f-bda9-909c6eb18cc7} (pcpitstop exam) - http://utilities.pcpitstop.com/da2/pcpitstop2.cab
o17 - hklm\system\ccs\services\tcpip\..\{2dd39030-53fc-407b-adf9-670b2fa466ba}: nameserver = 62.45.45.45,62.45.46.46
o17 - hklm\system\ccs\services\tcpip\..\{a8e48d0a-0287-4071-ade6-1670743f04be}: nameserver = 62.45.45.45,62.45.46.46
o17 - hklm\system\cs1\services\tcpip\..\{2dd39030-53fc-407b-adf9-670b2fa466ba}: nameserver = 62.45.45.45,62.45.46.46
o17 - hklm\system\cs2\services\tcpip\..\{2dd39030-53fc-407b-adf9-670b2fa466ba}: nameserver = 62.45.45.45,62.45.46.46
o18 - protocol: skype4com - {ffc8b962-9b40-4dff-9458-1830c7dd7f5d} - c:\progra~1\common~1\skype\skype4com.dll
o20 - appinit_dlls: c:\windows\system32\avgrsstx.dll
o23 - service: avg free watchdog (avg9wd) - avg technologies cz, s.r.o. - c:\program files\avg\avg9\avgwdsvc.exe
o23 - service: blue coat k9 web protection (bckwfs) - blue coat systems, inc. - c:\program files\blue coat k9 web protection\k9filter.exe
o23 - service: nvidia display driver service (nvsvc) - nvidia corporation - c:\windows\system32\nvvsvc.exe
o23 - service: plflash deviceiocontrol service - prolific technology inc. - c:\windows\system32\ioctlsvc.exe
o23 - service: sbsd security center service (sbsdwscservice) - safer networking ltd. - c:\program files\spybot - search & destroy\sdwinsec.exe
o23 - service: x10 device network service (x10nets) - x10 - c:\progra~1\common~1\x10\common\x10nets.exe
--
end of file - 6411 bytes

[/hjt]
--- automatic edit ---
and attached is the uninstall list:

32 Bit HP CIO Components Installer
Aangifte inkomstenbelasting 2007
Aangifte inkomstenbelasting 2008
Aangifte inkomstenbelasting 2009
ACE-HIGH MP3 WAV WMA OGG Converter
Activprimary Viewer v3.6
Adobe Color Common Settings
Adobe Color Common Settings
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.1 - Nederlands
Adobe Setup
Adobe Setup
Adobe Shockwave Player 11.5
Agics Hashscan 1.0.0.9
AmbraSoft Familiepakket 0910 Demo
Ankh
AVG Free 9.0
Barbie(R) Top Model
Barbie(TM) als IJsprinses
Barbie(TM) als Rapunzel
Barbie(TM) en de magie van Pegasus
Barbie(TM) Horse Adventures(TM)
Barbie(TM) in het Zwanenmeer
Barbie Paardrijclub
Blue Coat K9 Web Protection 4.0.296
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
Casper Het geheimenkasteel
CCleaner
Choice Guard
Citrix XenApp Web Plugin
CloneCD
Compatibiliteitspakket voor het 2007 Microsoft Office system
Convert AVI to MP4 1.3
Dora Rugzak
EasyBCD 1.7.2
Electronic Arts Game Updater
Eusing Free Registry Cleaner
EVEREST Home Edition v2.20
Extensie voor Windows Live Toolbar (Windows Live Toolbar)
Free 3GP Video Converter version 3.2
Free PDF to Word Doc Converter v1.1
GameCenter
Google Earth
Google Earth
Google Update Helper
Grand Theft Auto IV
Guild Wars
Hattrick Coach Professional 2.9.80
HijackThis 2.0.2
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Howie's Grote Woord Avontuur
Hoyle Casino 3D
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart.All-In-One Driver Software 8.0 .A
HP Product Detection
HP Solution Center 8.0
HP Update
HPSSupply
IsoBuster 2.5.5
Java(TM) 6 Update 17
Java(TM) 6 Update 7
Kruidvat fotoservice
LEGO Friends
MakeDisc
Malwarebytes' Anti-Malware
MAME Classic
Markeringviewer (Windows Live Toolbar)
MCE Software Encoder 1.1
MediaShow 3.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 Language Pack SP1 - nld
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Groove MUI (Dutch) 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Outlook Web Access S/MIME
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mijn kat en ik
Mouse Joypad V1.0
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need for Speed Most Wanted
Need for Speed Undercover
Nero 7 Essentials
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
OGA Notifier 2.0.0048.0
OpenAL
PartyCasino
PartyPoker
PowerCinema Linux 5.0
PowerDirector
PowerDVD
PowerProducer
Pro Cycling Manager - Saison 2006
PVSonyDll
QuickTime
Realtek High Definition Audio Driver
Rockstar Games Social Club
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Skype 3.6
Smart Menu's (Windows Live Toolbar)
Soldiers - Heroes of World War II
Spybot - Search & Destroy
Switch Sound File Converter
System Requirements Lab
Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
The Battle for Middle-earth(tm)
Typecursus
Ulead PhotoImpact 12
Unibet Casino
Unibet Poker
Uninstall 1.0.0.1
Universal Document Converter
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Word 2007 (KB974561)
Update for Outlook 2007 Junk Email Filter (kb977719)
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
VIA Platform apparaatbeheer
Web Album Generator 1.8.2
Windows Live - Hulpprogramma voor uploaden
Windows Live aanmeldhulp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Toolbar
Windows Media Player Firefox Plugin
WinPad v3.04.1
WinRAR
X10 Hardware(TM)
XviD MPEG-4 Video Codec
 
Re: Vista startup slow due to driver

Hello Milou, does this company mean anything to you:

netname: KABELFOON
descr: Postbus 45
descr: NL-2670 AA Naaldwijk
country: NL

The above details were found via line 017 of your HijackThis log.
 
Re: Vista startup slow due to driver

Yep, that is our internet provider Caiway.
 
Re: Vista startup slow due to driver

Hello Milou, that goldseriestripleactionholdempoker was installed on your computer on 1 April.

Does that ring a bell now, or are there possibly multiple users on this computer?
 
Re: Vista startup slow due to driver

I definitely did not install anything on 1 April, and there are not multiple users (in the sense of user accounts) on this computer. It means nothing to me at all!
 
Re: Vista startup slow due to driver

Hello Milou, I am going to discuss this situation with others, to be sure about what to do.
I will get back to you.
 
Re: Vista startup slow due to driver

OK, thanks so far. I'll wait patiently.
 
Hello Miloe, the files that were placed in your Windows on 1 April most likely come from Unibet!

Do the following: open a new Notepad file (Start > All Programs > Accessories > Notepad),
then copy and paste the following (bold, blue text) into an empty window


File::
c:\windows\s5a616adf(169).tmp
c:\windows\s5a616adf(231).tmp
c:\windows\s5a616adf(690).tmp
c:\windows\s5a616adf.tmp



Go to File - Save As.
  • For Save in, choose: Desktop
  • For File name, enter: CFScript.txt
  • For Save as type, select: All Files (*.*)
  • Then click the Save button


Now first disable the antivirus!


Drag CFScript.txt into ComboFix.exe




This will make ComboFix restart. Reboot if you are asked to.


Post the ComboFix log that is shown after the restart!
 
Hi Abraham, hopefully I did it all correctly. After a message that there were still "drivers active" (I think from IsoBuster), the computer was restarted by ComboFix and scanned, and in the end the log below came out:

ComboFix 10-04-12.01 - patje 12-04-2010 19:00:11.2.2 - x86
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.31.1043.18.3070.2261 [GMT 2:00]
Gestart vanuit: c:\users\patje\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\patje\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

FILE ::
"c:\windows\s5a616adf(169).tmp"
"c:\windows\s5a616adf(231).tmp"
"c:\windows\s5a616adf(690).tmp"
"c:\windows\s5a616adf.tmp"
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\s5a616adf(169).tmp
c:\windows\s5a616adf(231).tmp
c:\windows\s5a616adf(690).tmp
c:\windows\s5a616adf.tmp . . . . konden niet verwijderd worden

.
(((((((((((((((((((( Bestanden Gemaakt van 2010-03-12 to 2010-04-12 ))))))))))))))))))))))))))))))
.

2010-04-12 17:06 . 2010-04-12 17:20 -------- d-----w- c:\users\patje\AppData\Local\temp
2010-04-12 17:06 . 2010-04-12 17:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-12 17:06 . 2010-04-12 17:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-12 17:06 . 2010-04-12 17:06 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-04-11 17:58 . 2010-04-11 17:58 -------- d-----w- c:\program files\Common Files\Java
2010-04-11 16:20 . 2010-04-11 16:20 -------- d-----w- c:\program files\Trend Micro
2010-04-11 12:52 . 2010-04-11 12:52 -------- d-----w- C:\VundoFix Backups
2010-04-11 10:51 . 2010-04-11 10:51 -------- d-----w- c:\users\patje\AppData\Roaming\Malwarebytes
2010-04-11 10:51 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-11 10:51 . 2010-04-11 10:51 -------- d-----w- c:\programdata\Malwarebytes
2010-04-11 10:51 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-09 19:24 . 2010-04-09 19:24 688128 ----a-w- c:\programdata\MGS\cache\t\transition_gao_apr_2010.791a557334b6a04d9e4145fe55634dc0.dll
2010-04-09 19:24 . 2010-04-09 19:24 626688 ----a-w- c:\programdata\MGS\cache\g\gamble2_gao_apr_2010.79da078c1366250640dc5a6500c321de.dll
2010-04-09 19:24 . 2010-04-09 19:24 1585152 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_gao_apr_2010.022c08b32efc0c5396c90a2264e8b41f.dll
2010-04-09 19:24 . 2010-04-09 19:24 1069056 ----a-w- c:\programdata\MGS\cache\a\advancedslots1xxx_gao_apr_2010.2199d362fdef45f7fa87f3ad5772e9c0.dll
2010-04-09 19:24 . 2010-04-09 19:24 933888 ----a-w- c:\programdata\MGS\cache\s\simplepickxofybonus_gao_apr_2010.7451c7a7403bac527dc9e91858d66a35.dll
2010-04-09 19:14 . 2010-04-09 19:14 94208 ----a-w- c:\programdata\MGS\cache\l\lua51host.668670e33723f8f8763a1e128bf0ba1b.dll
2010-04-09 19:13 . 2010-04-09 19:13 61440 ----a-w- c:\programdata\MGS\cache\v\void.ad81709fa9924561f9a166574fbcd583.dll
2010-04-09 19:13 . 2010-04-09 19:13 430080 ----a-w- c:\programdata\MGS\cache\m\menucore.8994833bb1ff066b3216bdecd5a9f4c6.dll
2010-04-09 14:49 . 2010-04-09 14:49 -------- d-----w- c:\users\patje\AppData\Roaming\AVG9
2010-04-08 11:27 . 2010-04-08 11:27 -------- d-----w- c:\program files\NCH Software
2010-04-08 11:24 . 2010-04-08 11:24 -------- d-----w- c:\programdata\NCH Swift Sound
2010-04-08 11:24 . 2010-04-08 11:24 -------- d-----w- c:\program files\NCH Swift Sound
2010-04-08 11:24 . 2010-04-08 11:24 -------- d-----w- c:\users\patje\AppData\Roaming\NCH Swift Sound
2010-04-01 17:37 . 2010-04-01 17:37 221184 ----a-w- c:\programdata\MGS\cache\g\goldseriestripleactionholdempokerstatsplugin.5e32c61188363218acf114870d90241e.dll
2010-04-01 17:37 . 2010-04-01 17:37 540672 ----a-w- c:\programdata\MGS\cache\g\goldseriestripleactionholdempokerxxx.e854f9f411ec0d8827ade1c7aef58516.dll
2010-04-01 17:37 . 2010-04-01 17:37 671744 ----a-w- c:\programdata\MGS\cache\g\goldseriestripleactionholdempokerplugin.f55f8f2fd50979a9ee32bc4e38796bdc.dll
2010-04-01 17:36 . 2010-04-01 17:36 851968 ----a-w- c:\programdata\MGS\cache\b\biathlonbonus.1867224e07f193acaf7efbba325b104b.dll
2010-04-01 17:36 . 2010-04-01 17:36 1064960 ----a-w- c:\programdata\MGS\cache\a\advancedslots1xxx_gao_feb_2010.78a92f7abf80927925a5a04a8a7a481e.dll
2010-04-01 17:36 . 2010-04-01 17:36 847872 ----a-w- c:\programdata\MGS\cache\s\skateskiingbonus.1e05deb9d58eaa64b9e713886fa55db6.dll
2010-04-01 17:36 . 2010-04-01 17:36 843776 ----a-w- c:\programdata\MGS\cache\b\bobsleighbonus.356384aca809d8c83267afe4901796dd.dll
2010-04-01 17:36 . 2010-04-01 17:36 1232896 ----a-w- c:\programdata\MGS\cache\l\lovepotionbonus.26212e95341ecdba1e5c1d54ed29f8e1.dll
2010-04-01 17:36 . 2010-04-01 17:36 626688 ----a-w- c:\programdata\MGS\cache\g\gamble2_gao_feb_2010.970a443b3bdc2b8c33dfd5bf701780cf.dll
2010-04-01 17:36 . 2010-04-01 17:36 684032 ----a-w- c:\programdata\MGS\cache\t\transition_gao_feb_2010.d21e90b2a2cc4ebc389bcfd4fc0416dc.dll
2010-04-01 17:36 . 2010-04-01 17:36 847872 ----a-w- c:\programdata\MGS\cache\w\wheelbonus.75b36445efb15d4c2d14a7600496c6a2.dll
2010-04-01 17:36 . 2010-04-01 17:36 1581056 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_gao_feb_2010.b0456ffafe9833a9cb73d756fc6bdec3.dll
2010-04-01 17:22 . 2010-04-01 17:22 708608 ----a-w- c:\programdata\MGS\cache\t\transition_gao_mar_2010.00e558dbf98f160d236f0e738de93c37.dll
2010-04-01 17:22 . 2010-04-01 17:22 1650688 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_gao_mar_2010.011b7c042032e11252156706d78b5e83.dll
2010-04-01 17:22 . 2010-04-01 17:22 950272 ----a-w- c:\programdata\MGS\cache\s\simplepickxofybonus_gao_mar_2010.e5e91d49a18e4440b5a76ddd6446140c.dll
2010-04-01 17:22 . 2010-04-01 17:22 1224704 ----a-w- c:\programdata\MGS\cache\a\advancedslots1xxx_gao_mar_2010.05a7fd71980574f91eb4c1420f71b1f7.dll
2010-04-01 17:20 . 2010-04-01 17:20 684032 ----a-w- c:\programdata\MGS\cache\a\arcticfortunetransition.cdb6c11f100d3a3cb0c0550c21b277e4.dll
2010-04-01 17:20 . 2010-04-01 17:20 1568768 ----a-w- c:\programdata\MGS\cache\a\arcticfortune.b328b57943682e2d7fd4847916ff9b2b.dll
2010-04-01 17:20 . 2010-04-01 17:20 1232896 ----a-w- c:\programdata\MGS\cache\a\arcticfortune_gspider.770d41ad6c8d6246716f0968e4501795.dll
2010-04-01 17:20 . 2010-04-01 17:20 1236992 ----a-w- c:\programdata\MGS\cache\a\arcticfortune_spiderbonus.c6f7df06987955caf77bb513ebf7e5b5.dll
2010-04-01 17:20 . 2010-04-01 17:20 1064960 ----a-w- c:\programdata\MGS\cache\a\arcticfortunexxx.88b69b79191872d92329d1cfa9817586.dll
2010-04-01 17:20 . 2010-04-01 17:20 1224704 ----a-w- c:\programdata\MGS\cache\a\arcticfortune_crankbonus.79fd1aae910e128f743d90232d089b3b.dll
2010-04-01 17:13 . 2010-04-01 17:13 1572864 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_hellboy.cde3facca4e62dd1980118b9f69c127f.dll
2010-04-01 17:13 . 2010-04-01 17:13 1572864 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_gao_jan_2010.27798ac5c513c88d4f74b2fc87b9bf6e.dll
2010-04-01 17:13 . 2010-04-01 17:13 626688 ----a-w- c:\programdata\MGS\cache\g\gamble2_hellboy.ef7dfe9e02564671f52a95d839e51b8d.dll
2010-04-01 17:13 . 2010-04-01 17:13 1064960 ----a-w- c:\programdata\MGS\cache\a\advancedslots1xxx_hellboy.0200f4406079039e4f9f4fd4269c6144.dll
2010-04-01 17:13 . 2010-04-01 17:13 684032 ----a-w- c:\programdata\MGS\cache\t\transition_hellboy.2389dbbb7a92af30b5bb4e62701f18a5.dll
2010-04-01 17:13 . 2010-04-01 17:13 626688 ----a-w- c:\programdata\MGS\cache\g\gamble2_gao_jan_2010.114da6697b16a4308920de3f00df9d11.dll
2010-04-01 17:13 . 2010-04-01 17:13 684032 ----a-w- c:\programdata\MGS\cache\t\transition_gao_jan_2010.6ce545b01335b0127c2a55cc392a24e6.dll
2010-04-01 17:13 . 2010-04-01 17:13 1064960 ----a-w- c:\programdata\MGS\cache\a\advancedslots1xxx_gao_jan_2010.d3c0a2c195757b5887793e496479436f.dll
2010-04-01 17:13 . 2010-04-01 17:13 925696 ----a-w- c:\programdata\MGS\cache\s\simplepickxofybonus_gao_jan_2010.734d2ae11536c3d1a34ecdb91aaab798.dll
2010-04-01 17:13 . 2010-04-01 17:13 925696 ----a-w- c:\programdata\MGS\cache\s\simplepickxofybonus_hellboy.ee1c177b2b367dc15184591e57db5798.dll
2010-04-01 17:12 . 2010-04-01 17:12 1478656 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_novgao_09.51f332de91be61de7b100bafa017beaa.dll
2010-04-01 17:11 . 2010-04-01 17:11 258320 ----a-w- c:\programdata\MGS\cache\p\progvideopokersuite1.ca99dc47db380f019d0fe151171f8ad1.dll
2010-04-01 17:10 . 2010-04-01 17:10 246032 ----a-w- c:\programdata\MGS\cache\p\powerpokersuite1_nl.4b954e6e9e7bfe3947a12889040c706e.dll
2010-04-01 17:10 . 2010-04-01 17:10 225552 ----a-w- c:\programdata\MGS\cache\v\videopokersuite1.e45a40be28c5bc5514b9e806f30cdc6f.dll
2010-04-01 17:10 . 2010-04-01 17:10 290922 ----a-w- c:\programdata\MGS\cache\m\mpvcommunityslotsplugin.3d81e7021617be93688755b2da22dceb.dll
2010-04-01 17:10 . 2010-04-01 17:10 262252 ----a-w- c:\programdata\MGS\cache\w\wheelofwealthbonusplugin.92047ad5bdc826b2122a71a16afa227d.dll
2010-04-01 17:10 . 2010-04-01 17:10 98390 ----a-w- c:\programdata\MGS\cache\s\singleobjects.8ee24693860e1ddd1e27939e8eb192aa.dll
2010-04-01 17:10 . 2010-04-01 17:10 282699 ----a-w- c:\programdata\MGS\cache\s\slotxxx.d425f74ccb6f6455be09ebe426c90c75.dll
2010-04-01 17:10 . 2010-04-01 17:10 110674 ----a-w- c:\programdata\MGS\cache\s\slotdialogs.af11d23675e8fe4926883303d283fbd7.dll
2010-04-01 17:05 . 2010-04-01 17:05 589824 ----a-w- c:\programdata\MGS\cache\b\bjgoldplugin.794fbb37693eb8ea0687d012b6697332.dll
2010-04-01 16:28 . 2010-04-01 16:28 94208 ----a-w- c:\programdata\MGS\cache\l\lua51host.48a3eef79f6c47686708765ba7191022.dll
2010-04-01 16:28 . 2010-04-01 16:28 1552384 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_scrooge.4a74d6dca5f468cf9ff454c064d74e05.dll
2010-04-01 16:05 . 2010-04-01 16:05 913680 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_temp.1f8183fa66e67576038aca6f8bbaa5aa.dll
2010-04-01 16:05 . 2010-04-01 16:05 307300 ----a-w- c:\programdata\MGS\cache\m\mpvblackjackplugin.0b33c40e992b0cec60ff557d251457d2.dll
2010-04-01 16:05 . 2010-04-01 16:05 335976 ----a-w- c:\programdata\MGS\cache\m\mpvtabletournamentlobby.fc620794b1b18938b640573c722b3922.dll
2010-04-01 16:05 . 2010-04-01 16:05 311398 ----a-w- c:\programdata\MGS\cache\m\mpvblackjacktourxxx.96f2985eb296e0eeb1592aacd45d6e4c.dll
2010-04-01 16:04 . 2010-04-01 16:04 430080 ----a-w- c:\programdata\MGS\cache\m\menucore.08595c16f56be7b6980f488c077ad03d.dll
2010-03-26 12:37 . 2010-04-12 17:08 -------- d-----w- c:\program files\Blue Coat K9 Web Protection
2010-03-21 18:12 . 2010-03-21 18:12 -------- d-----w- c:\programdata\Ahead
2010-03-14 09:29 . 2010-03-14 09:32 -------- d-----w- c:\users\patje\AppData\Local\BearShare

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 17:20 . 2009-09-28 12:14 71119 ----a-w- c:\programdata\nvModes.dat
2010-04-12 17:15 . 2006-11-02 16:11 714616 ----a-w- c:\windows\system32\perfh013.dat
2010-04-12 17:15 . 2006-11-02 16:11 148342 ----a-w- c:\windows\system32\perfc013.dat
2010-04-11 19:10 . 2009-09-29 19:08 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-11 17:57 . 2008-03-01 12:32 -------- d-----w- c:\program files\Java
2010-04-11 13:02 . 2007-12-02 11:05 680 ----a-w- c:\users\patje\AppData\Local\d3d9caps.dat
2010-04-09 14:55 . 2007-05-26 10:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-09 07:24 . 2007-05-15 09:08 -------- d-----w- c:\users\patje\AppData\Roaming\Image Zone Express
2010-03-21 18:11 . 2007-02-09 13:01 -------- d-----w- c:\program files\Common Files\Ahead
2010-03-21 18:10 . 2007-02-09 13:01 -------- d-----w- c:\programdata\Nero
2010-03-14 16:53 . 2007-02-09 12:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-13 08:35 . 2009-11-15 20:23 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-13 08:35 . 2009-11-15 20:23 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-13 08:35 . 2009-11-15 20:23 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-12 08:11 . 2007-03-21 20:56 116536 ----a-w- c:\users\patje\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-12 08:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-09 02:28 . 2008-12-05 17:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-06 12:08 . 2009-01-23 08:44 -------- d-----w- c:\users\patje\AppData\Roaming\Belastingdienst
2010-02-24 08:16 . 2009-10-10 08:49 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-04-10 09:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-10 09:24 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-04-10 09:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-04-10 09:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-22 20:18 . 2010-02-22 20:18 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-02-22 19:55 . 2009-07-02 17:22 -------- d-----w- c:\programdata\Microsoft Help
2010-02-22 19:54 . 2009-07-02 17:28 -------- d-----w- c:\program files\Microsoft Works
2010-02-22 18:19 . 2007-03-22 13:48 -------- d-----w- c:\programdata\NVIDIA
2010-02-22 18:18 . 2009-09-27 16:28 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-22 18:18 . 2007-05-24 12:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-22 18:18 . 2009-01-24 12:39 -------- d-----w- c:\program files\AGEIA Technologies
2010-02-21 13:05 . 2008-03-09 16:18 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-20 23:39 . 2010-03-12 07:12 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-12 07:12 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-12 07:12 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-14 16:59 . 2008-07-28 18:09 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-12 10:48 . 2010-03-12 07:56 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-25 12:48 . 2010-03-12 07:58 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-03-12 07:58 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-03-12 07:58 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-03-12 07:58 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-03-12 07:58 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-03-12 07:58 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-03-12 07:58 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-03-12 07:58 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-03-12 07:58 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:44 . 2010-02-24 09:18 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-22 14:04 . 2007-03-24 15:22 115968 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-15 10:39 . 2010-01-15 10:39 1482752 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_septgao_09.7dc488ed3eadaa7b6b5d08dbca4c71cf.dll
2010-01-15 10:39 . 2010-01-15 10:39 1609728 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_tggg.1a1d0cf38dbf32cac78a651320f71d98.dll
2010-01-15 10:39 . 2010-01-15 10:39 417883 ----a-w- c:\programdata\MGS\cache\m\mptadvancedslots.ffdb8625479be3b53b8d19f7d778e3ab.dll
2010-01-15 10:39 . 2010-01-15 10:39 1478656 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_wealthspa.1d6c52060a19ffc8e8529c6648d8f610.dll
2010-01-15 10:39 . 2010-01-15 10:39 823568 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_temp2.46a4643f83fb4fee5edbd7b72ebf781d.dll
2010-01-15 10:39 . 2010-01-15 10:39 1638400 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_summerholiday.246c971e5683180dd3d0e381fb6d8651.dll
2010-01-15 10:39 . 2010-01-15 10:39 823568 ----a-w- c:\programdata\MGS\cache\a\advancedslots1.a5649140bdbd3a1f7c08b381be6f0a22.dll
2010-01-15 10:39 . 2010-01-15 10:39 1482752 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_octgao_09.27dbd220adee9f16140622d34764fadb.dll
2010-01-15 10:39 . 2010-01-15 10:39 1626112 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_flightzone.120e06d45a565cdc8a97a294773b7eb8.dll
2010-01-15 10:39 . 2010-01-15 10:39 213090 ----a-w- c:\programdata\MGS\cache\m\mptleaderboard.5a678c57a8ed645b49592a1121fd619f.dll
2010-01-15 10:38 . 2010-01-15 10:38 61440 ----a-w- c:\programdata\MGS\cache\v\void.5906d6629c0a883b5e8bb60494d24d1d.dll
2010-01-15 10:38 . 2010-01-15 10:38 430080 ----a-w- c:\programdata\MGS\cache\m\menucore.ee2856a9488e195d9b901fec63be0951.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-30 77824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\users\patje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 07:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]
2008-08-06 14:30 447928 ----a-w- c:\windows\System32\Adobe\Shockwave 11\SwHelper_1100465.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3691576666-3706752153-3734997459-1000]
"EnableNotificationsRef"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3691576666-3706752153-3734997459-500]
"EnableNotificationsRef"=dword:00000001

R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-01-08 1136600]
R3 FNETTHJM;Freecom Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm.sys [2009-08-22 23936]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-05-22 13224]
R3 hitmanpro3;Hitman Pro 3 Support Driver;c:\windows\system32\drivers\hitmanpro3.sys [x]
R3 jgameenp;jgameenp;c:\users\patje\AppData\Local\Temp\jgameenp.sys [x]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys [x]
R4 RAMDISK;AR Soft RAM Disk Service;c:\windows\system32\drivers\ramdisk.sys [2008-02-10 10431]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-14 717296]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-13 216200]
S1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2009-12-11 74088]
S2 ACEDRV06;ACEDRV06;c:\windows\system32\drivers\ACEDRV06.sys [2007-08-07 99840]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-13 308064]
S2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [2009-12-11 1078632]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map

2010-04-12 c:\windows\Tasks\User_Feed_Synchronization-{8439A80F-6754-45B6-BA01-383C6BE1B189}.job
- c:\windows\system32\msfeedssync.exe [2010-04-10 04:54]

2010-04-11 c:\windows\Tasks\User_Feed_Synchronization-{F75E5687-B71B-4AD8-9E48-EC2A3F5D4A75}.job
- c:\windows\system32\msfeedssync.exe [2010-04-10 04:54]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyOverride = *.local
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\programs\PartyGaming\PartyCasino\RunCasino.exe
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
TCP: {2DD39030-53FC-407B-ADF9-670B2FA466BA} = 62.45.45.45,62.45.46.46
TCP: {A8E48D0A-0287-4071-ADE6-1670743F04BE} = 62.45.45.45,62.45.46.46
DPF: {63D6DD13-C913-466D-9444-9357561E4D94} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab
.
- - - - ORPHANS VERWIJDERD - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-12 19:20
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys xfilt.sys acpi.sys hal.dll prosync1.sys >>UNKNOWN [0x865391F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8b5d5322
\Driver\ACPI -> acpi.sys @ 0x805b0d4c
\Driver\atapi -> prosync1.sys @ 0x8b56b6c1
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-3691576666-3706752153-3734997459-1000\Software\SecuROM\License information*]
"datasecu"=hex:4f,f4,e2,dc,f7,b6,e8,87,37,29,34,34,72,43,52,e3,ba,a2,17,0d,1e,
6a,1b,ab,1a,ff,5b,c5,88,f0,b5,ee,c6,a1,6e,9f,31,e7,ef,47,ea,3b,63,1f,7d,8f,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\IoctlSvc.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Voltooingstijd: 2010-04-12 19:23:47 - machine werd herstart
ComboFix-quarantined-files.txt 2010-04-12 17:23
ComboFix2.txt 2010-04-11 14:07

Pre-Run: 38.790.033.408 bytes beschikbaar
Post-Run: 38.601.379.840 bytes beschikbaar

- - End Of File - - CA585AA827136DF4A2B8B31E95924064
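The helper's remark that a batch of files landed on 1 April comes from reading the "Bestanden Gemaakt" (files created) listing of a ComboFix log by eye. As an added example (not part of the original thread and not ComboFix's own code), the Python script below parses lines in that layout and groups newly created binaries by creation day and directory tree; the function names, the three-component grouping depth and the three-file threshold are assumptions chosen for illustration, and the sample lines are copied from the log above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: eight listing lines copied from the ComboFix log above,
# plus a "." separator line to show that non-entries are skipped.
SAMPLE = r"""
.
2010-04-11 10:51 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-11 10:51 . 2010-04-11 10:51 -------- d-----w- c:\programdata\Malwarebytes
2010-04-09 19:14 . 2010-04-09 19:14 94208 ----a-w- c:\programdata\MGS\cache\l\lua51host.668670e33723f8f8763a1e128bf0ba1b.dll
2010-04-01 17:37 . 2010-04-01 17:37 221184 ----a-w- c:\programdata\MGS\cache\g\goldseriestripleactionholdempokerstatsplugin.5e32c61188363218acf114870d90241e.dll
2010-04-01 17:37 . 2010-04-01 17:37 540672 ----a-w- c:\programdata\MGS\cache\g\goldseriestripleactionholdempokerxxx.e854f9f411ec0d8827ade1c7aef58516.dll
2010-04-01 17:36 . 2010-04-01 17:36 851968 ----a-w- c:\programdata\MGS\cache\b\biathlonbonus.1867224e07f193acaf7efbba325b104b.dll
2010-04-01 16:04 . 2010-04-01 16:04 430080 ----a-w- c:\programdata\MGS\cache\m\menucore.08595c16f56be7b6980f488c077ad03d.dll
2010-03-26 12:37 . 2010-04-12 17:08 -------- d-----w- c:\program files\Blue Coat K9 Web Protection
"""

# Layout: <created> . <modified> <size or dashes> <8 attribute flags> <path>
ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
TS = "%Y-%m-%d %H:%M"
BINARY_EXT = (".dll", ".exe", ".sys")


def parse_entries(text):
    """Return one dict per listing line; banners, '.' and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        entries.append({
            "created": datetime.strptime(m["created"], TS),
            "modified": datetime.strptime(m["modified"], TS),
            # Directories carry dashes instead of a byte count.
            "size": int(m["size"]) if m["size"].isdigit() else None,
            "is_dir": m["attrs"].startswith("d"),
            "path": m["path"],
        })
    return entries


def creation_bursts(entries, depth=3, min_files=3):
    """Group created binaries by (day, first `depth` path components).

    Returns only groups with at least `min_files` files, oldest day first.
    A burst is a lead for review (which installer wrote these?), not a verdict.
    """
    groups = defaultdict(list)
    for e in entries:
        if e["is_dir"] or not e["path"].lower().endswith(BINARY_EXT):
            continue
        root = "\\".join(e["path"].lower().split("\\")[:depth])
        groups[(e["created"].date(), root)].append(e)

    bursts = []
    for (day, root), files in groups.items():
        if len(files) < min_files:
            continue
        times = [f["created"] for f in files]
        bursts.append({
            "day": day.isoformat(),
            "root": root,
            "files": len(files),
            "bytes": sum(f["size"] or 0 for f in files),
            "first": min(times).strftime("%H:%M"),
            "last": max(times).strftime("%H:%M"),
        })
    return sorted(bursts, key=lambda b: (b["day"], b["root"]))


if __name__ == "__main__":
    for b in creation_bursts(parse_entries(SAMPLE)):
        print("{day} {first}-{last}  {files} files  {bytes} bytes  {root}".format(**b))
```

Fed the full listing instead of the sample, the same grouping shows at a glance which directory trees received many binaries on a single day, which is the question the helper asks about 1 April.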
 
Hello Milou, start MBAM again, update it first and then run a quick scan.

After that, post the MBAM log and a new HJT log.
 