Archief - Random blauwe schermen en office freeze

Hallo,

Ik heb sinds dat ik de laptop heb blauwe schermen en Office die random chrasht.

Met random bedoel ik. Ik ben een mail aan 't typen in Outlook, ik klik op attach file, ik kies een file, en wanneer ik verder wil typen.. . freeze
In Excel ben ik cijfers aan 't invullen, TAB, .. . freeze

En daarop nog heb ik sinds juli al zeker 36 BSOD gehad. Ik heb geen idee hoe het komt. In de Event logs staat er altijd Kernel Error. Maar ik weet niet wat ik misdaan heb met de Kernel.

Ik heb al geprobeerd alle onnodige programma's te uninstallen, maar dat helpt niet.

Kan je me helpen?

Hier alvast de HiJack Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:33:37, on 30/08/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN by Dell
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN by Dell
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
O2 - BHO: DigitalPersona Fingerprint Software Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [MacDrive 8 application] "C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe"
O4 - HKLM\..\Run: [Getting started with MacDrive 8] "C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe" /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - Startup: Autostart Intel iPOS v3.lnk = C:\Program Files\Intel iPOS v3\TCEidletimer.exe
O4 - Startup: Intel iPOS v3.lnk = C:\Program Files\Intel iPOS v3\TCEPlayer.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\aestsrv.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDrive 8 service (MacDrive8Service) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
--
End of file - 11260 bytes


Ook heb ik een probleempje bij het scannen met HiJack. Hij gaf me een fout dat het niet aan de host file kon ofzo.

Thanks!

Zie geen malware actief, mogelijk is het een of andere instelling ?

Download ATF cleaner (gemaakt door Atribune)
Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

Download MalwareBytes' Anti-Malware en sla het op je bureaublad op.
Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg dat er na de installatie een vinkje is geplaatst bij:

• Update MalwareBytes' Anti-Malware
• Start MalwareBytes' Anti-Malware

Klik daarna op "Voltooien".
Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.

• Zodra het programma gestart is, ga dan naar het tabblad "Instellingen".
• Vink hier aan: "Sluit Internet Explorer tijdens verwijdering van malware".
• Ga daarna naar het tabblad "Scanner", kies hier voor "Snelle Scan".
• Druk vervolgens op "Scannen" om de scan te starten.
• Het scannen kan een tijdje duren, dus wees geduldig.
  
• Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
• Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "Verwijder geselecteerde".
• Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.

Het log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Plaats dit logje samen met een nieuw logje van HijackThis.

Ik heb alle stappen gevolgd. Maar het hielp niet veel. Ik heb nog een blauw scherm gehad. en excel freezt nu echt heel veel.

Hier alvast de MalwareBytes logje:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4516

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

31/08/2010 20:30:32
mbam-log-2010-08-31 (20-30-32).txt

Scan type: Quick scan
Objects scanned: 148795
Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


=======================================================
En hijack logje:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:34:35, on 31/08/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN by Dell
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN by Dell
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
O2 - BHO: DigitalPersona Fingerprint Software Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [MacDrive 8 application] "C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe"
O4 - HKLM\..\Run: [Getting started with MacDrive 8] "C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe" /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - Startup: Autostart Intel iPOS v3.lnk = C:\Program Files\Intel iPOS v3\TCEidletimer.exe
O4 - Startup: Intel iPOS v3.lnk = C:\Program Files\Intel iPOS v3\TCEPlayer.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\aestsrv.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDrive 8 service (MacDrive8Service) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe

--
End of file - 11297 bytes

Download ComboFix van één van deze locaties:
Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

• Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:
  
  Klik hier
  Als het je niet lukt om ze uit te schakelen, ga dan gewoon door naar de volgende stap.
• Dubbeklik op ComboFix.exe en volg de meldingen op het scherm.
• ComboFix zal controleren of dat de Microsoft Windows Recovery Console reeds is geïnstalleerd.
  
  **Let op: Als de Microsoft Windows Recovery Console al is geïnstalleerd, dan krijg je de volgende schermen niet te zien en zal ComboFix automatisch verder gaan met het scannen naar malware.
• Volg de meldingen op het scherm om ComboFix de Microsoft Windows Recovery Console te laten downloaden en installeren.

Je krijgt de volgende melding te zien wanneer ComboFix de Microsoft Windows Recovery Console succesvol heeft geïnstalleerd:



Klik op Ja om verder te gaan met het scannen naar malware.

NOTE: Wanneer ComboFix start, kan het zijn dat je een Error melding krijgt dat de “contents of the ComboFix package has been compromised”
Ga niet verder met de instructies, maar download ComboFix opnieuw. Deze melding kan verschijnen wanneer een file-infector (Virut) actief is op de computer.



Blijf je die melding krijgen dan meld je dit.


Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

ComboFix 10-09-03.01 - Yahya Arrassi 03/09/2010 21:35:30.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.2999.2058 [GMT 2:00]
Running from: c:\users\Yahya Arrassi\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-08-03 to 2010-09-03 )))))))))))))))))))))))))))))))
.

2010-09-03 19:39 . 2010-09-03 19:39 -------- d-----w- c:\users\Yahya Arrassi\AppData\Local\temp
2010-09-03 19:31 . 2010-09-03 19:33 -------- d-----w- C:\32788R22FWJFW
2010-09-02 15:38 . 2010-09-02 15:38 -------- d-----w- c:\users\Retail Profiling\AppData\Roaming\Macrovision
2010-09-01 17:04 . 2010-09-01 17:04 -------- d-----w- c:\users\Yahya Arrassi\AppData\Local\Adobe
2010-09-01 06:08 . 2010-09-01 06:08 -------- d-----w- c:\users\Yahya Arrassi\AppData\Local\Apple
2010-08-31 18:23 . 2010-08-31 18:23 -------- d-----w- c:\users\Yahya Arrassi\AppData\Roaming\Malwarebytes
2010-08-31 18:22 . 2010-08-31 18:22 -------- d-----w- c:\programdata\Malwarebytes
2010-08-30 19:23 . 2010-08-30 19:23 388096 ----a-r- c:\users\Yahya Arrassi\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-28 15:59 . 2010-08-28 15:37 284752 ----a-w- c:\windows\system32\drivers\tmwfp.sys
2010-08-28 15:59 . 2010-08-28 15:37 143952 ----a-w- c:\windows\system32\drivers\tmlwf.sys
2010-08-28 15:46 . 2010-08-28 15:37 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-08-28 15:46 . 2010-08-28 15:37 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-08-28 15:46 . 2010-08-28 15:37 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-08-28 15:46 . 2010-08-28 15:37 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-08-28 15:38 . 2010-09-01 12:16 -------- d-----w- c:\program files\Trend Micro
2010-08-28 14:11 . 2010-08-28 14:11 -------- d-----w- c:\windows\system32\log
2010-08-25 16:29 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-18 19:21 . 2010-08-18 19:21 -------- d-----w- c:\windows\71833700669D4677A2A90C676FD8E46C.TMP
2010-08-18 18:31 . 2010-08-18 19:21 -------- d-----w- c:\program files\Intel iPOS v3
2010-08-18 17:20 . 2010-08-18 17:20 -------- d-----w- c:\program files\QuickTime
2010-08-18 17:17 . 2010-08-18 17:17 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-08-18 17:16 . 2010-08-18 17:16 -------- d-----w- c:\program files\iPod
2010-08-18 17:16 . 2010-08-18 17:17 -------- d-----w- c:\program files\iTunes
2010-08-18 17:14 . 2010-08-18 17:14 -------- d-----w- c:\program files\Bonjour
2010-08-18 17:11 . 2010-08-18 17:11 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-15 11:36 . 2010-08-15 11:36 -------- d-----w- c:\program files\Common Files\Canon
2010-08-15 11:34 . 2010-08-15 11:34 -------- d--h--w- c:\programdata\CanonBJ
2010-08-15 11:34 . 2006-09-13 03:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP7L.DLL
2010-08-15 11:34 . 2006-09-13 03:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD7L.DLL
2010-08-15 11:34 . 2010-08-15 11:34 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2010-08-15 11:34 . 2006-09-13 03:00 197632 ----a-w- c:\windows\system32\CNMLM7L.DLL
2010-08-15 11:34 . 2010-08-15 11:34 -------- d--h--w- c:\program files\CanonBJ
2010-08-11 11:15 . 2010-08-11 11:59 -------- d-----w- c:\users\Yahya Arrassi\AppData\Local\PowerDVD DX
2010-08-11 07:08 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-11 07:08 . 2010-06-22 02:47 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 07:08 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 07:08 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-08-11 07:08 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-08-11 07:08 . 2010-06-22 02:47 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 07:08 . 2010-06-22 02:47 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-10 02:42 . 2010-08-10 04:33 -------- d-----w- C:\tmp
2010-08-09 16:36 . 2010-08-09 20:42 -------- d-----w- C:\DBRM_Backup
2010-08-07 00:59 . 2010-08-07 01:00 -------- d-----w- c:\users\Yahya Arrassi\AppData\Roaming\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 15:37 . 2010-09-02 15:37 -------- d-----w- c:\users\Retail Profiling\AppData\Roaming\Apple Computer
2010-09-02 15:37 . 2010-09-02 15:37 -------- d-----w- c:\users\Retail Profiling\AppData\Roaming\CyberLink
2010-09-02 15:37 . 2010-09-02 15:37 -------- d-----w- c:\users\Retail Profiling\AppData\Roaming\DigitalPersona
2010-09-02 15:36 . 2010-09-02 15:36 -------- d-----w- c:\users\Retail Profiling\AppData\Roaming\PC Suite
2010-09-01 12:14 . 2010-04-25 11:54 -------- d-----w- c:\programdata\Trend Micro
2010-08-30 08:26 . 2010-06-30 17:20 -------- d-----w- c:\program files\TomTom HOME 2
2010-08-29 17:22 . 2010-06-12 23:17 -------- d-----w- c:\users\Yahya Arrassi\AppData\Roaming\uTorrent
2010-08-28 15:45 . 2010-06-10 12:20 -------- d-----w- c:\users\Yahya Arrassi\AppData\Roaming\Skype
2010-08-28 15:06 . 2010-06-10 18:33 -------- d-----w- c:\programdata\Roxio
2010-08-28 14:56 . 2010-06-10 12:21 -------- d-----w- c:\users\Yahya Arrassi\AppData\Roaming\skypePM
2010-08-28 14:42 . 2010-07-22 18:57 -------- d-----w- c:\users\Yahya Arrassi\AppData\Roaming\Audacity
2010-08-27 18:23 . 2010-08-02 20:11 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-08-27 18:23 . 2010-08-02 20:00 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-08-27 18:23 . 2010-08-02 20:00 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-08-18 17:18 . 2010-06-15 20:40 -------- d-----w- c:\program files\Safari
2010-08-18 17:16 . 2010-06-09 22:25 -------- d-----w- c:\program files\Common Files\Apple
2010-08-11 07:20 . 2010-04-25 11:53 -------- d-----w- c:\program files\Microsoft Works
2010-08-11 07:19 . 2010-06-07 12:07 -------- d-----w- c:\programdata\Microsoft Help
2010-08-07 10:38 . 2010-08-02 19:49 -------- d-----w- c:\programdata\Sony Corporation
2010-08-07 10:38 . 2010-08-02 19:49 -------- d-----w- c:\program files\Sony
2010-08-07 10:38 . 2010-04-25 11:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-04 17:35 . 2010-06-18 22:59 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-08-04 17:34 . 2010-06-18 22:59 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-08-04 17:34 . 2010-06-18 22:59 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-08-02 19:54 . 2010-08-02 19:50 -------- d-----w- c:\users\Yahya Arrassi\AppData\Roaming\Sony Corporation
2010-07-11 16:58 . 2010-06-16 08:27 -------- d-----w- c:\programdata\PC Suite
2010-07-11 14:58 . 2010-07-11 14:58 -------- d-----w- c:\program files\PC Connectivity Solution
2010-07-11 14:58 . 2010-06-16 08:26 -------- d-----w- c:\program files\Nokia
2010-07-11 14:57 . 2010-07-11 14:57 12212040 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-07-11 14:57 . 2010-07-11 14:57 13930312 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-07-11 14:57 . 2010-07-11 14:57 38912 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-07-11 14:57 . 2010-07-11 14:57 38912 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-07-11 14:57 . 2010-06-25 15:51 77824 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-07-11 14:57 . 2010-06-25 15:51 50000 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
2010-07-10 12:04 . 2010-07-10 12:04 -------- d-----w- c:\program files\Common Files\Mediafour
2010-07-10 12:04 . 2010-07-10 12:04 -------- d-----w- c:\programdata\Mediafour
2010-07-10 12:03 . 2010-07-10 12:03 -------- d-----w- c:\program files\Mediafour
2010-07-09 05:39 . 2010-04-25 11:57 -------- d-----w- c:\program files\Windows Live
2010-07-09 05:33 . 2010-06-13 02:15 -------- d-----w- c:\program files\Opera
2010-07-07 10:48 . 2010-06-25 15:51 103412296 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
2010-07-05 06:19 . 2010-06-10 05:48 54 ----a-w- c:\windows\system32\bd2030.dat
2010-06-30 06:25 . 2010-08-11 07:07 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-22 19:52 . 2010-06-22 19:52 69214784 ----a-w- c:\users\Yahya Arrassi\AppData\Roaming\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
2010-06-19 06:33 . 2010-08-11 07:07 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-11 07:07 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-11 07:07 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-11 07:07 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 05:28 . 2010-06-18 05:28 12212040 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-06-18 05:28 . 2010-06-18 05:28 13930312 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-06-18 05:28 . 2010-06-18 05:28 77824 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-06-18 05:28 . 2010-06-18 05:28 61440 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-06-18 05:28 . 2010-06-18 05:28 58880 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-06-18 05:28 . 2010-06-18 05:28 50000 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
2010-06-18 05:28 . 2010-06-18 05:28 98366952 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_PCS_Update.exe
2010-06-16 08:41 . 2010-06-16 08:41 36864 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\Sleep.exe
2010-06-16 08:41 . 2010-06-16 08:41 3351812 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\msxml6Exec.exe
2010-06-16 08:41 . 2010-06-16 08:41 3203453 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\vcredistExec.exe
2010-06-16 08:31 . 2010-06-16 08:42 35607992 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\NokiaSoftwareUpdaterSetup_en.exe
2010-06-16 08:26 . 2010-06-16 08:26 95232 ----a-w- c:\programdata\Installations\{18756A46-652E-4ED4-A029-C4940D59F09B}\Installer\CommonCustomActions\pcswpcsi.exe
2010-06-16 08:26 . 2010-06-16 08:26 8192 ----a-w- c:\programdata\Installations\{18756A46-652E-4ED4-A029-C4940D59F09B}\Installer\CommonCustomActions\UninstCCD.exe
2010-06-16 08:26 . 2010-06-16 08:26 61440 ----a-w- c:\programdata\Installations\{18756A46-652E-4ED4-A029-C4940D59F09B}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-06-16 08:26 . 2010-06-16 08:26 10240 ----a-w- c:\programdata\Installations\{18756A46-652E-4ED4-A029-C4940D59F09B}\Installer\CommonCustomActions\UninstPCS.exe
2010-06-16 08:25 . 2010-06-16 08:26 35536248 ----a-w- c:\programdata\Installations\{18756A46-652E-4ED4-A029-C4940D59F09B}\Nokia_PC_Suite_eng_web[1].exe
2010-06-16 05:48 . 2010-08-11 07:07 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-15 20:39 . 2010-06-15 20:39 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-14 18:15 . 2010-06-14 18:15 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-12 23:16 . 2010-06-12 23:16 9662 ----a-r- c:\users\Yahya Arrassi\AppData\Roaming\Microsoft\Installer\{B9766962-6BA1-470E-944E-0C477FDD26AF}\_6FEFF9B68218417F98F549.exe
2010-06-12 23:16 . 2010-06-12 23:16 10134 ----a-r- c:\users\Yahya Arrassi\AppData\Roaming\Microsoft\Installer\{B9766962-6BA1-470E-944E-0C477FDD26AF}\_D156A2925BC70ABA3B5D45.exe
2010-06-12 23:16 . 2010-06-12 23:16 10134 ----a-r- c:\users\Yahya Arrassi\AppData\Roaming\Microsoft\Installer\{B9766962-6BA1-470E-944E-0C477FDD26AF}\_9750ED6FF98F483851A26A.exe
2010-06-12 23:16 . 2010-06-12 23:16 10134 ----a-r- c:\users\Yahya Arrassi\AppData\Roaming\Microsoft\Installer\{B9766962-6BA1-470E-944E-0C477FDD26AF}\_69BC61BE2CCEF4D069160E.exe
2010-06-10 12:21 . 2010-06-10 12:21 48 ---ha-w- c:\programdata\ezsidmv.dat
2010-06-07 12:36 . 2010-06-07 11:54 110816 ----a-w- c:\users\Yahya Arrassi\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-25 12:03 . 2010-04-25 12:03 74 --sh--r- c:\windows\CT4CET.bin
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-07-02 671608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-07 1602856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-01-05 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-11 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-11 166936]
"FreeFallProtection"="c:\program files\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-05-12 842816]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-02-04 289368]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2009-03-31 141312]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 795936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-11-30 60928]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 171520]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 99728]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-07 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-06-14 691696]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive partition driver; [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-11-27 16176]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-01-13 57800]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-08-28 143952]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\aestsrv.exe [2009-03-02 81920]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-01-07 192512]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 14808]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-13 1656112]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-12-02 41648]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-29 209920]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
FF - ProfilePath - c:\users\Yahya Arrassi\AppData\Roaming\Mozilla\Firefox\Profiles\5kf8u4n3.default\
FF - component: c:\program files\DigitalPersona\Bin\firefoxext\components\dpffcli.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - c:\program files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(560)
c:\windows\system32\DPPWDFLT.DLL
.
Completion time: 2010-09-03 21:40:47
ComboFix-quarantined-files.txt 2010-09-03 19:40

Pre-Run: 161,805,492,224 bytes free
Post-Run: 162,427,588,608 bytes free

- - End Of File - - C90D519725231858DC945E873A628D1C

Ik heb ondertussen Trend Micro verwijderd, en nu werken alle programma's zonder te crashen wel. Maar ik krijg nog wel af en toe nog blauw schermen. Ik weet niet juist wat die Combofix heeft gedaan, maar ik kan je nu niet zeggen of het gefixt is of niet.