Hai sinds 2 dagen start de pc steeds plotseling opnieuw op.
Kreeg eerst nadat t was opgestart meldingen dat windows was herstelt van een ernstige fout :

C:\DOCUME~1\natazja\LOCALS~1\Temp\WERe4ec.dir00\Mi ni092706-05.dmp
C:\DOCUME~1\natazja\LOCALS~1\Temp\WERe4ec.dir00\sy sdata.xml
C:\DOCUME~1\natazja\LOCALS~1\Temp\WER7c31.dir00\Mi ni092706-07.dmp
C:\DOCUME~1\natazja\LOCALS~1\Temp\WER7c31.dir00\sy sdata.xml
C:\DOCUME~1\natazja\LOCALS~1\Temp\WERf3d1.dir00\Mi ni092706-08.dmp
C:\DOCUME~1\natazja\LOCALS~1\Temp\WERf3d1.dir00\sy sdata.xml

Heb temp & cookies e.d. verwijderd. Pestpatrol - Spybot - Adaware laten lopen. Vonden niks verder.
Heb gescant ook niks.
Die meldingen zijn nu wel weg maar t zomaar plots opstarten blijft terug komen.
Enig idee waar t aan kan liggen ?? Heb een Hijacklog hieronder gezet.
Thx alvast voor de tijd en moeite ;)

Logfile of HijackThis v1.99.1
Scan saved at 10:22:48, on 27-9-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\Proggies\Hijack this\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.heavens-dream.com/forum/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: &Convert and Open - C:\PROGRA~1\Camtech\CONVER~1\ConvertIt.htm
O8 - Extra context menu item: &Google Zoeken - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Open Selected URL - D:\Alle downloads\rcgoogle\openselectedurl.htm
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Search &Google - D:\Alle downloads\rcgoogle\google.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Start PostSmile - {F596B4DB-835A-4b2f-9BCF-F44FD9705E87} - C:\Program Files\PostSmile\postsmile.exe (HKCU)
O9 - Extra 'Tools' menuitem: Start PostSmile - {F596B4DB-835A-4b2f-9BCF-F44FD9705E87} - C:\Program Files\PostSmile\postsmile.exe (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner_nl/ErrorSafeScannerInstallNL.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

1. Download dit bestand: - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Dubbelklik op combofix.exe en volg de instructies die je krijgt.
3. Wanneer het tooltje klaar is zal het een rapport maken voor je, post die log hier met een nieuw hijackthis logje.

Note:
Niet klikken terwijl combofix bezig is, dat zou het tooltje doen vastlopen!

De combofix log :

natazja - 06-09-27 13:55:41,53 Service Pack 2
ComboFix 06.09.27 - Running from: "G:\"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\drsmartload95a.exe

((((((((((((((((((((((((((((((( Files Created from 2006-08-27 to 2006-09-27 ))))))))))))))))))))))))))))))))))

2006-09-04 22:23 34,816 --a------ C:\WINDOWS\system32\~bwcrc32.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )))

2006-09-27 13:52 -------- d-------- C:\Program Files\PestPatrol
2006-09-27 13:51 -------- d-------- C:\Documents and Settings\natazja\Application Data\Skype
2006-09-27 13:02 -------- d-------- C:\Program Files\PlayFirst
2006-09-27 12:59 -------- d-------- C:\Program Files\WinRAR
2006-09-27 12:59 -------- d-------- C:\Program Files\VMN
2006-09-27 12:59 -------- d-------- C:\Program Files\Messenger
2006-09-27 12:59 -------- d-------- C:\Program Files\ExtractNow
2006-09-27 12:59 -------- d-------- C:\Program Files\Altdesk
2006-09-27 12:48 -------- d-------- C:\Program Files\Symantec AntiVirus
2006-09-27 11:27 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-25 13:29 -------- d-------- C:\Program Files\BFG
2006-09-23 18:00 -------- d---s---- C:\Documents and Settings\natazja\Application Data\Microsoft
2006-09-20 17:02 -------- d-------- C:\Program Files\Pantheon
2006-09-19 17:11 -------- d-------- C:\Program Files\Jewel Match
2006-09-19 13:38 -------- d-------- C:\Program Files\IncrediMail
2006-09-15 08:03 -------- d-------- C:\Program Files\MSN Messenger
2006-09-11 21:18 -------- d-------- C:\Program Files\LimeWire
2006-09-11 17:12 -------- d-------- C:\Program Files\Zylom Games
2006-09-10 12:50 -------- d-------- C:\Program Files\GrabIt
2006-09-05 17:06 76 --ah----- C:\Program Files\Desktop.ini
2006-09-05 11:39 -------- d-------- C:\Documents and Settings\natazja\Application Data\PlayFirst
2006-09-04 22:23 34816 --a------ C:\WINDOWS\system32\~bwcrc32.dll
2006-09-04 22:23 -------- d-------- C:\Program Files\PostAssistant
2006-09-04 19:36 8464 --a------ C:\WINDOWS\system32\sporder.dll
2006-09-03 21:07 -------- d-------- C:\Program Files\FileUploader
2006-09-02 22:07 -------- d-------- C:\Program Files\QuickPar
2006-09-02 21:57 -------- d-------- C:\Program Files\FTDv3.7.3
2006-09-01 21:26 -------- d-------- C:\Program Files\Mahjongg Artifacts
2006-09-01 15:07 -------- d-------- C:\Program Files\MSN Pictures Displayer
2006-08-30 20:44 -------- d-------- C:\Program Files\Atlantis - Sky Patrol
2006-08-26 01:35 -------- d-------- C:\Program Files\GetSmile
2006-08-24 10:51 -------- d-------- C:\Program Files\Java
2006-08-23 20:38 -------- d-------- C:\Program Files\SpeedFan
2006-08-21 19:23 -------- d-------- C:\Program Files\Rainbow Web
2006-08-21 14:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-15 14:19 -------- d-------- C:\Program Files\iWin.com
2006-08-12 22:20 -------- d-------- C:\Program Files\Internet Explorer
2006-08-09 20:47 -------- d-------- C:\Program Files\iColorFolder
2006-08-03 11:18 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-07-30 21:31 -------- d-------- C:\Documents and Settings\natazja\Application Data\Zylom
2006-07-30 21:31 -------- d-------- C:\Documents and Settings\natazja\Application Data\Identities
2006-07-30 15:04 -------- d-------- C:\Documents and Settings\natazja\Application Data\Visicom Media
2006-07-30 02:11 -------- d-------- C:\Program Files\Yahoo! Games
2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"PestPatrol Control Center"="c:\\PROGRA~1\\PESTPA~1\\PPControl.exe"
"PPMemCheck"="c:\\PROGRA~1\\PESTPA~1\\PPMemCheck.exe"
"CookiePatrol"="c:\\PROGRA~1\\PESTPA~1\\CookiePatrol.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="Mijn huidige introductiepagina"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00, 00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00 ,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00, 00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00, 00,e2,02,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDriveAutoRun"=hex:00,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1. EXE "
"item"="Adobe Reader Snelle start"
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Adobe Reader Snelle start.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Snelle start.lnkCommon Startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program \\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Belt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Belt"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HDinfo]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hdinfo"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\hdinfo.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\msbb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msbb"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\wfkdmrcl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wfkdmrcl"
"hkey"="HKLM"
"inimapping"="0"

HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: Wed 27-09-2006 13:56:18.89
ComboFix.txt


En de Hijacklog :

Logfile of HijackThis v1.99.1
Scan saved at 13:58:47, on 27-9-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
G:\Proggies\Hijack this\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.heavens-dream.com/forum/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: &Convert and Open - C:\PROGRA~1\Camtech\CONVER~1\ConvertIt.htm
O8 - Extra context menu item: &Google Zoeken - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Open Selected URL - D:\Alle downloads\rcgoogle\openselectedurl.htm
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Search &Google - D:\Alle downloads\rcgoogle\google.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Start PostSmile - {F596B4DB-835A-4b2f-9BCF-F44FD9705E87} - C:\Program Files\PostSmile\postsmile.exe (HKCU)
O9 - Extra 'Tools' menuitem: Start PostSmile - {F596B4DB-835A-4b2f-9BCF-F44FD9705E87} - C:\Program Files\PostSmile\postsmile.exe (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner_nl/ErrorSafeScannerInstallNL.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

* Download en installeer Ewido Anti-Spyware 4.0 (http://www.ewido.net/en/download/).
Na de installatie, open Ewido Anti-Spyware 4.0:
* onder "Status", klik op Change state naast "Resident shield".
* onder "Update", klik op de Start update knop.
* onder "Scanner", tab "Settings":- onder "How to act?", klik op "Recommended actions" en selecteer Quarantine.
- onder "Reports", selecteer Automatically generate report after every scan en verwijder het vinkje bij Only if threats were found
Sluit Ewido. Laat het nog niet scannen.

* Als je Adaware SE nog niet geïnstalleerd hebt, download, installeer en update het dan volgens de richtlijnen
die je kan vinden op: http://users.pandora.be/marcvn/spyware/1414188.htm

* Start je computer op in VEILIGE MODUS (http://users.pandora.be/marcvn/spyware/1378056.htm)

* Voer een volledige scan uit met Adaware en verwijder alles wat gevonden wordt.


open ewido en klik op de Scanner tab bovenaan en klik dan op Complete System Scan. Deze scan zal heel je systeem afcannen dus dit kan een tijdje duren
Ewido zal alle geïnfecteerde objecten aan de linkerkant tonen. Waneer de scan gedaan is, zal het alles naar de 'Quarantine' optie zetten. klik dan op de Apply all actions knop. Ewido zal dan het volgend bericht tonen aan de rechterkant: "All actions have been applied"
Klik dan op "Save Report", en dan op "Save Report As". dit zal een rapport maken Wees zeker dat je het rapport makkelijk kunt terugvinden (ijvoorbeeld op je bureaublad).


* Herstart je computer in normale modus.

* Download ATF cleaner (http://www.atribune.org/ccount/click.php?id=1) (by Atribune)

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Gebruik je ook Firefox als browser:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit verwijdert het vinkje bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Gebruik je ook Opera als browser:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

* Post dan een nieuw hijackthis logje hier met het rapport van ewido.

Ik heb Adaware laten draaien en die vond helemaal niks.
Daarna de stappen gevolgt voor Ewido... ik heb t inmiddels 6 keer geprobeerd maar na een minuut of 2 a 3 slaat de pc weer uit en start opnieuw op.
Als hij opnieuw opgestart is geeft hij me deze melding :

http://img135.imageshack.us/img135/2189/foutmeldingqs1.jpg
En dan de regel : C:\DOCUME~1\natazja\LOCALS~1\Temp\WERda9e.dir00\Mi ni092706-05.dmp
C:\DOCUME~1\natazja\LOCALS~1\Temp\WERda9e.dir00\sy sdata.xml

Dus ik krijg gewoon die Ewido niet voor elkaar :wall:

Wel die ATF-Cleaner gedaan weer en een nieuwe Hijacklog gemaakt :

Logfile of HijackThis v1.99.1
Scan saved at 16:01:01, on 27-9-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\Proggies\Hijack this\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.heavens-dream.com/forum/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: &Convert and Open - C:\PROGRA~1\Camtech\CONVER~1\ConvertIt.htm
O8 - Extra context menu item: &Google Zoeken - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Open Selected URL - D:\Alle downloads\rcgoogle\openselectedurl.htm
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Search &Google - D:\Alle downloads\rcgoogle\google.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Start PostSmile - {F596B4DB-835A-4b2f-9BCF-F44FD9705E87} - C:\Program Files\PostSmile\postsmile.exe (HKCU)
O9 - Extra 'Tools' menuitem: Start PostSmile - {F596B4DB-835A-4b2f-9BCF-F44FD9705E87} - C:\Program Files\PostSmile\postsmile.exe (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner_nl/ErrorSafeScannerInstallNL.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Schakel eerst eens windows defender en pestpatrol uit, en verhinder ze ook mee op te starten met windows. Anders zullen ze alles in hijackthis ongedaan maken!

* Fix de volgende regels in hijackthis:

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: HelperObject Class - {00C6482D
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/si...rInstallNL.cab

Helaas....na t uitvoeren van de Hijackregels en t ff opnieuw opstarten deed de pc helemaal niks meer. :wtf:
Heb een format C moeten uitvoeren want Windows startte helemaal niet meer op. :wall:

Heel erg bedankt voor je tijd en inzet :bow: :good:

Graag gedaan.