Marya.exe stond alleen in het register en heb het daar nu wel kunnen verwijderen.PC lijkt nu clean.
Heb ook een logfile gemaakt weet alleen niet wat wincs voor bestand is.Hoort dat wel bij windows?
Logfile of HijackThis v1.99.0
Scan saved at 13:09:55, on 4-7-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
D:\NORTON~2\navapw32.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
D:\ZoneAlarm\zlclient.exe
F:\Proggies\FreeRam Xp Pro 1.40\FreeRAM XP Pro 1.40.exe
D:\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\wuauclt.exe
F:\Proggies\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.zonnet.nl/zoeken
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.zonnet.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.zonnet.nl/zoeken
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Zon
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - D:\FlipAlbum 5 Pro\FpLaunch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Gouden Gids - {165EAF06-A068-4BE1-8418-D92B2A196878} - C:\WINDOWS\System32\GoudenGidsBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NAV Agent] D:\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Microsoft Commander fix] wincs.exe
O4 - HKLM\..\Run: [Zone Labs Client] "D:\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "F:\Proggies\FreeRam Xp Pro 1.40\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [SpySweeper] "D:\Spy Sweeper\SpySweeper.exe" /0
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: All - {26835CE1-D5EC-11d5-AF6E-00C06D0086BF} - C:\Program Files\closeIeX\closeIeX.exe
O9 - Extra 'Tools' menuitem: Close ALL IEx's - {26835CE1-D5EC-11d5-AF6E-00C06D0086BF} - C:\Program Files\closeIeX\closeIeX.exe
O9 - Extra button: Others - {6A0426D1-0FF2-49a0-ABC2-05B67826C727} - C:\Program Files\closeIeX\closeIeY.exe
O9 - Extra 'Tools' menuitem: Close OTHER IEx's - {6A0426D1-0FF2-49a0-ABC2-05B67826C727} - C:\Program Files\closeIeX\closeIeY.exe
O9 - Extra button: Vind! - {905AD1B2-DA5A-4601-AECF-2294819C3DF7} - C:\WINDOWS\System32\GoudenGidsBar.dll
O9 - Extra 'Tools' menuitem: Gouden Gids Toolbar - {905AD1B2-DA5A-4601-AECF-2294819C3DF7} - C:\WINDOWS\System32\GoudenGidsBar.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.zonnet.nl
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.c...eb_site.cab?1120147586062
O23 - Service: Acronis Scheduler2 Service - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - D:\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
:strip_icc():strip_exif()/u/112964/elisha1.jpg?f=community)
/u/43807/ZwartGat.png?f=community)
