Hallo,

Mijn computer verteld me dat hij geinfecteerd is dmv pop-up's zoals:
Windows Security Center:
System files and register changing are detected.
Your PC is under the threat of loss data! It is recommended to start the guard canner.
Warning! Security report:
Your computer i infected! It is recommended to start spyware cleaner tool.

Deze meldingen verschijnen geregeld ook onderaan in een ballonnetje bij het icoontje dat er uit ziet als een rode bol met een witte X in.

Andere moeilijkheden die ik ondervind zijn:
De desktop achtergrond is gevuld met blauw, geel,rood en groen gekleurde blokken en kan dit niet wijzigen.
Het programma Malwarebytes start niet op.
Ik kan verschillende webpagina's niet openen vooral deze die iets met virussen te maken hebben.
AVG kan niet meer geupdate worden.
De PC kan blijkbaar niet in safe-mode opgestart worden.

Zelf heb ik a-squared free laten zoeken naar verdachte betanden, hij vond er een 50-tal die ik heb verwijdert.
Ook Windows OneCare safety scanner, die ontdekte: 8 severe issues, 1 High issue en 1 Medium issue.
6 issues not able to be cleaned.
Na deze laatste scan krijg ik geen meldingen meer dat mijn PC geinfecteerd is.
De overige problemen blijven bestaan.

Ik voeg hier mijn HijackThis logbetand bij:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:43 AM, on 1/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\LNM Client\Client.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\system32\Gateway.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\UltimateZip 2007\uzqkst.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923 (http://www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923 (http://www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923)
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.65.0\HostIE.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: System - {D1C8F9CE-563E-11D8-813C-005022E14DE3} - C:\Program Files\LNM Client\AddAPI.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.65.0\HostIE.dll (file missing)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe /h
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.65.0\ZangoSA.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [netw] C:\WINDOWS\svw.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\system32\6to4svch.exe
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\system32\6to4svch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LNM Client] "C:\Program Files\LNM Client\Client.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe /minimized
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.65.0\Weather.exe" -auto
O4 - HKCU\..\Run: [CDriver] c:\google.com\svchost.exe
O4 - HKCU\..\Run: [DDriver] c:\google.com\svchost.exe
O4 - HKCU\..\Run: [alpha] c:\google.com\svchost.exe
O4 - HKCU\..\Run: [beta] c:\google.com\svchost.exe
O4 - HKCU\..\Run: [gamma] c:\google.com\svchost.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\system32\6to4svch.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\system32\6to4svch.exe
O4 - HKLM\..\Policies\Explorer\Run: [CDriver] c:\google.com\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DriverCheck] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [FDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ADriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CDriver] c:\google.com\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DDriver] c:\google.com\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [alpha] c:\google.com\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [beta] c:\google.com\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [gamma] c:\google.com\svchost.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Startup: OpenOffice.org 2.0 .lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2007\uzqkst.exe
O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Start the communication Gateway.lnk = C:\WINDOWS\system32\Gateway.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: LNM Client - {5D602A21-B929-11d7-A5D3-005022E14DE3} - www.lnm.eu (http://www.lnm.eu) (file missing)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://powersoccer.spel.nl/applet/PowerLoader.cab
O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {68B93863-D5DF-4854-8B65-9A12995D80AD} (WebDVR Control) - file:///C:/BackUp%202006-09-30/Documents/Personal%20secure/Wim/Pelco/webdvr.cab
O16 - DPF: {B91012E3-3DC4-442B-B5C7-35BF3857D215} (Encoder Media Control) - http://194.78.150.228/nvEncoderMedia.dll
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} (Installer Class) - http://suvorov.lnm.eu/lnm.eu/client/LNMClientInstaller.cab
O16 - DPF: {DB7ACFA2-9634-4C98-BC9D-FB9416153022} (nvEPLMedia Control) - http://194.78.150.228:81/nvEPLMedia.ocx
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
O22 - SharedTaskScheduler: Windows Installer Class - {020487CC-FC04-4B1E-863F-D9801796230B} - (no file)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 22351 bytes

Het zou me waarschijnlijk zeer erg kunnen helpen al u me kon vertellen welke van deze items ik kan verwijderen.
Alvast bedankt op voorhand,
Jan.

Als deze twee

ZangoSA
MyWebSearch

bij software in de lijst staan, wil je die dan eerst verwijderen.

start opnieuw op.

Download MalwareBytes' Anti-Malware (http://www.besttechie.net/mbam/mbam-setup.exe) en sla het op je bureaublad op.
Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg dat er na de installatie een vinkje is geplaatst bij:


Update MalwareBytes' Anti-Malware

Start MalwareBytes' Anti-Malware

Klik daarna op "Voltooien".
Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.


Zodra het programma gestart is, ga dan naar het tabblad "Instellingen".

Vink hier aan: "Sluit Internet Explorer tijdens verwijdering van malware".

Ga daarna naar het tabblad "Scanner", kies hier voor "Snelle Scan".

Druk vervolgens op "Scannen" om de scan te starten.

Het scannen kan een tijdje duren, dus wees geduldig.


Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "Verwijder geselecteerde".

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.

Het log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Plaats dit logje samen met een nieuw logje van HijackThis.

Ik heb zoals gezegd alles waar ZangoSA en MyWebSearch in staat verwijderd en herstart.
Ik kan nog steeds de link MalwareBytes' Anti-Malware (http://www.besttechie.net/mbam/mbam-setup.exe) openen, ook het programma zelf dat ik reeds geinstalleerd had kan ik nog steeds niet opstarten.
Enige sugestie wat ik nog kan proberen?

Download http://download.bleepingcomputer.com/sUBs/ComboFix.exe Combofix (http://%5BURL=%22http://download.bleepingcomputer.com/sUBs/ComboFix.exe%5D%5Bb%5D%5Bcolor=blue%5DCombofix%5B/color%5D%5B/b%5D%5B/url%22)naar je Bureaublad en gebruik het volgens http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden deze (http://%5BURL=%22http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden%5Ddeze%22) handleiding
OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.
Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

Dubbelklik op Combofix.exe om het te starten.
Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.
Klik op OK in het "NirCmd" venstertje.
Indien de Recovery Console niet geïnstalleerd is, wordt je gevraagd om dit alsnog te doen door op JA te klikken in het "Query - Recovery Console" venster.
Klik op OK en Ja om automatisch de Recovery Console te laten installeren.
Klik na afloop terug op Ja om het scannen op malware te starten.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen.

Post dit logje in je volgende antwoord.

sorry, maar ook deze link krijg ik niet geopend... wat nu?

leuk,

wil je combofix.exe hernoemen naar 123567.exe en het dan opnieuw starten.

Het probleem is dat ik de link waar ik het programma kan downloaden niet kan openen.
Het veemde is dat de browser de website http://download.bleepingcomputer.com in zijn geheel niet toelaat, net als de meeste zoniet alle sites die met virussen te maken hebben.

Ok dat is niet handig.

Wil je even een nieuw HJT logje maken, eens kijken of ik het op een andere manier kan benaderen.

Hier volgt mijn recent HJT logje:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:41 PM, on 1/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\LNM Client\Client.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\system32\Gateway.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\UltimateZip 2007\uzqkst.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923 (http://www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923 (http://www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923)
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.65.0\HostIE.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: System - {D1C8F9CE-563E-11D8-813C-005022E14DE3} - C:\Program Files\LNM Client\AddAPI.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.65.0\HostIE.dll (file missing)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe /h
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [netw] C:\WINDOWS\svw.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\system32\6to4svch.exe
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\system32\6to4svch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LNM Client] "C:\Program Files\LNM Client\Client.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe /minimized
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.65.0\Weather.exe" -auto
O4 - HKCU\..\Run: [CDriver] c:\google.com\svchost.exe
O4 - HKCU\..\Run: [DDriver] c:\google.com\svchost.exe
O4 - HKCU\..\Run: [alpha] c:\google.com\svchost.exe
O4 - HKCU\..\Run: [beta] c:\google.com\svchost.exe
O4 - HKCU\..\Run: [gamma] c:\google.com\svchost.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\system32\6to4svch.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\system32\6to4svch.exe
O4 - HKLM\..\Policies\Explorer\Run: [CDriver] c:\google.com\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DriverCheck] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [FDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ADriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CDriver] c:\google.com\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DDriver] c:\google.com\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [alpha] c:\google.com\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [beta] c:\google.com\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [gamma] c:\google.com\svchost.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Startup: OpenOffice.org 2.0 .lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2007\uzqkst.exe
O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Start the communication Gateway.lnk = C:\WINDOWS\system32\Gateway.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: LNM Client - {5D602A21-B929-11d7-A5D3-005022E14DE3} - www.lnm.eu (http://www.lnm.eu) (file missing)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://powersoccer.spel.nl/applet/PowerLoader.cab
O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {68B93863-D5DF-4854-8B65-9A12995D80AD} (WebDVR Control) - file:///C:/BackUp%202006-09-30/Documents/Personal%20secure/Wim/Pelco/webdvr.cab
O16 - DPF: {B91012E3-3DC4-442B-B5C7-35BF3857D215} (Encoder Media Control) - http://194.78.150.228/nvEncoderMedia.dll
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} (Installer Class) - http://suvorov.lnm.eu/lnm.eu/client/LNMClientInstaller.cab
O16 - DPF: {DB7ACFA2-9634-4C98-BC9D-FB9416153022} (nvEPLMedia Control) - http://194.78.150.228:81/nvEPLMedia.ocx
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
O22 - SharedTaskScheduler: Windows Installer Class - {020487CC-FC04-4B1E-863F-D9801796230B} - (no file)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 22087 bytes

Nou gaat er maar even voor zitten.

Klik met de rechtermuis op het programma Hijackthis en Kies voor
'Do a system scan only'
Selecteer alleen de items die hieronder zijn genoemd:


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.65.0\HostIE.dll (file missing)
O2 - BHO: System - {D1C8F9CE-563E-11D8-813C-005022E14DE3} - C:\Program Files\LNM Client\AddAPI.dll
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.65.0\HostIE.dll (file missing)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [netw] C:\WINDOWS\svw.exe
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\system32\6to4svch.exe
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\system32\6to4svch.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.65.0\Weather.exe" –auto
O4 - HKCU\..\Run: [CDriver] c:\google.com\svchost.exe
O4 - HKCU\..\Run: [DDriver] c:\google.com\svchost.exe
O4 - HKCU\..\Run: [alpha] c:\google.com\svchost.exe
O4 - HKCU\..\Run: [beta] c:\google.com\svchost.exe
O4 - HKCU\..\Run: [gamma] c:\google.com\svchost.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\system32\6to4svch.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\system32\6to4svch.exe
O4 - HKLM\..\Policies\Explorer\Run: [CDriver] c:\google.com\svchost.exe

O4 - HKUS\S-1-5-18\..\Run: [DriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DriverCheck] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [FDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ADriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CDriver] c:\google.com\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DDriver] c:\google.com\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [alpha] c:\google.com\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [beta] c:\google.com\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [gamma] c:\google.com\svchost.exe (User 'SYSTEM')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O9 - Extra button: LNM Client - {5D602A21-B929-11d7-A5D3-005022E14DE3} - www.lnm.eu (file missing)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab (http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab)
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
O22 - SharedTaskScheduler: Windows Installer Class - {020487CC-FC04-4B1E-863F-D9801796230B} - (no file)
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)




Sluit alle vensters behalve Hijackthis
Klik op 'Fix checked' om de items te verwijderen.

Start opnieuw op

Kijk even of je nu wel kan de tools kan downloaden, zo ja doe dat dan en voer ze uit.




plaats ook een nieuw HJT logje aub.

Mocht het niet lukken probeer dan dit programma op je pc te krijgen ( via usb stick bv.) en voer dit uit.

Download KillAFile.exe en plaats het op je bureaublad: http://users.telenet.be/marcvn/tools/KillAFile.exe (http://users.telenet.be/marcvn/tools/KillAFile.exe)
Dubbelklik op KillAFile.exe om de tool te starten.
In het keuzemenu kies je voor optie 1:
1: Delete a file on reboot
Wanneer deze melding verschijnt

:
Insert full path and filename to delete.
and then press enter:


tik je dit in: c:\google.com\svchost.exe
Indien het bestandje aanwezig is, zal de computer vragen om te herstarten.
Sta dit toe.
Wanneer de computer opnieuw opgestart is, opent er een kladblokbestandje. Post de inhoud van dit bestand.

Ik kan nog steeds de tools niet downloaden.
MalwareBytes kan ik ook nog steeds niet opstarten.
Mijn logje ziet er nu als volgt uit:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:20:20 PM, on 1/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LNM Client\Client.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\WINDOWS\system32\Gateway.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\UltimateZip 2007\uzqkst.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923 (http://www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923 (http://www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923)
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe /h
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\system32\6to4svch.exe
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\system32\6to4svch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LNM Client] "C:\Program Files\LNM Client\Client.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe /minimized
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\system32\6to4svch.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\system32\6to4svch.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Startup: OpenOffice.org 2.0 .lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2007\uzqkst.exe
O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Start the communication Gateway.lnk = C:\WINDOWS\system32\Gateway.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://powersoccer.spel.nl/applet/PowerLoader.cab
O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {68B93863-D5DF-4854-8B65-9A12995D80AD} (WebDVR Control) - file:///C:/BackUp%202006-09-30/Documents/Personal%20secure/Wim/Pelco/webdvr.cab
O16 - DPF: {B91012E3-3DC4-442B-B5C7-35BF3857D215} (Encoder Media Control) - http://194.78.150.228/nvEncoderMedia.dll
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} (Installer Class) - http://suvorov.lnm.eu/lnm.eu/client/LNMClientInstaller.cab
O16 - DPF: {DB7ACFA2-9634-4C98-BC9D-FB9416153022} (nvEPLMedia Control) - http://194.78.150.228:81/nvEPLMedia.ocx
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 19528 bytes

@ Juister:de linken van combofix krijg ik ook niet open daarom zet ik ze even opnieuw

gebruik van combofix:http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden

downloaden progje:BleepingComputer.com (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

Het pogramma KillAFile.exe downloaden was geen pobleem.
He bestand c:\google.com\svchost.exe werd niet gevonden, er werd dus ook niet gevraagd om te herstarten.
Na een manuele herstart werd er ook geen kladblokbestandje geopend.

Geen van de links die "sykke" poste krijg ik open.

Ik krijg ook een error , ik ga even vragen.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden


http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden

Ook deze werken niet... erg gesteld hé?

Is er nog hoop?
Ik heb ondertussen de Temporay Internet Files, Cookies en History al verwijderd in mijn browser.
Ook dat hielp niets om op bepaalde websites te kunnen komen.

bij mij werken ze wel hoor, probeer ze eens te downloaden via een andere pc en dan met behulp van een datastick op de besmette pc overzetten.

Schoonbroer had volgens mij hetzelfde virus, ik kon niets installeren dat met antivirus of dergelijke te maken had. Idem de websites, gewoon surfen ging (traag weliswaar), zodra je naar een security-related site ging, gaf hij ne 404. Geluk was dat het desktop was, heb schijf eruit gehaald en via een andere pc laten scannen door al wat ik had. En toen pas was het gelukt de schijf infectievriij te krijgen.(y) Maar ik ben benieuwd naar het vervolg van dit verhaal, kwestie van wat bij te leren ook hé

edit:sorry voor de indringing :bow::shy:

Dat kan natuurlijk ook nog inderdaad.

Ik zal het in ieder geval proberen maar ik vrees een beetje voor het resultaat omdat ik reeds MalwareByte lange tijd geinstalleerd had op de laptop maar het gewoon niet kan opstarten.
Wat ik ook ondervonden had is dat ik de task manager niet meer kon opstarten. Regedit in het commandovenster werkte ook niet.
Door de keys te vewijderen met HJT zoals je voorstelde werkte regedit terug. De task manager kreeg ik weer aan de praat door de tweede methode te volgen van volgende site: http://windowsxp.mvps.org/Taskmanager_error.htm
De eerste methode deed het niet.
De achtergrond van mijn desktop kan ik ook niet wijzigen.
En het probleem met de blokkering van bepaalde sites blijft.
Ik doe er alvast nog eens een HJT logje bij.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:58 PM, on 1/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LNM Client\Client.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\PROGRA~1\AVANTB~1\avant.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\WINDOWS\system32\Gateway.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\UltimateZip 2007\uzqkst.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923 (http://www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923 (http://www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923)
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe /h
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\system32\6to4svch.exe
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\system32\6to4svch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LNM Client] "C:\Program Files\LNM Client\Client.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe /minimized
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\system32\6to4svch.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\system32\6to4svch.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Startup: OpenOffice.org 2.0 .lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2007\uzqkst.exe
O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Start the communication Gateway.lnk = C:\WINDOWS\system32\Gateway.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://powersoccer.spel.nl/applet/PowerLoader.cab
O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {68B93863-D5DF-4854-8B65-9A12995D80AD} (WebDVR Control) - file:///C:/BackUp%202006-09-30/Documents/Personal%20secure/Wim/Pelco/webdvr.cab
O16 - DPF: {B91012E3-3DC4-442B-B5C7-35BF3857D215} (Encoder Media Control) - http://194.78.150.228/nvEncoderMedia.dll
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} (Installer Class) - http://suvorov.lnm.eu/lnm.eu/client/LNMClientInstaller.cab
O16 - DPF: {DB7ACFA2-9634-4C98-BC9D-FB9416153022} (nvEPLMedia Control) - http://194.78.150.228:81/nvEPLMedia.ocx
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 19630 bytes

Ga nog eens naar software en kijk eens of deze in de lijst staat,
UpdateWin
zo ja , verwijderen.




Ga naar Start en klik op Deze computer.
In de menubalk selecteer je Extra en dan Mapopties.
Selecteer de tab Weergave.
Bij Verborgen bestanden en mappen selecteer je Verborgen bestanden en mappen weergeven.
Bij Bestanden en mappen haal je het vinkje weg bij: Beveiligde besturingssysteembestanden verbergen (aanbevolen).
Klik op Ja om dit te bevestigen.
Klik op OK.

Start op in veilige modus, hier staat hoe dat moet als je dat niet weet http://users.telenet.be/marcvn/spyware/1378056.htm
als je die niet weet , tijdens opstarten op F8 tappen en dan kiezen voor vm. (http://users.telenet.be/marcvn/spyware/1378056.htm)



(http://users.telenet.be/marcvn/spyware/1378056.htm)


Start de verkenner en zoek deze items dikgedrukt en verwijder die.

C:\WINDOWS\system32\6to4svch.exe

Start opnieuw op in normale modus en plaats even een nieuw HJT logje aub.

UpdateWin vond ik niet terug bij mijn progamma's of moet ik elders zoeken?
Het bestand 6to4svch.exe is verwijderd in C:\WINDOWS\system32\
Na een algemene zoekopdracht in de verkenner vond ik in C:\WINDOWS\Prefech\ ook nog het betand: 6to4vch.exe-1C62D703.pf dit bestand heb ik dan ook maar verwijderd.

De problemen blijven nog altijd dezelfde.

Hieronder mijn HJT logje


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:43 PM, on 1/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\LNM Client\Client.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\PROGRA~1\AVANTB~1\avant.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\WINDOWS\system32\Gateway.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\UltimateZip 2007\uzqkst.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923 (http://www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923 (http://www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923)
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe /h
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LNM Client] "C:\Program Files\LNM Client\Client.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Startup: OpenOffice.org 2.0 .lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2007\uzqkst.exe
O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Start the communication Gateway.lnk = C:\WINDOWS\system32\Gateway.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://powersoccer.spel.nl/applet/PowerLoader.cab
O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {68B93863-D5DF-4854-8B65-9A12995D80AD} (WebDVR Control) - file:///C:/BackUp%202006-09-30/Documents/Personal%20secure/Wim/Pelco/webdvr.cab
O16 - DPF: {B91012E3-3DC4-442B-B5C7-35BF3857D215} (Encoder Media Control) - http://194.78.150.228/nvEncoderMedia.dll
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} (Installer Class) - http://suvorov.lnm.eu/lnm.eu/client/LNMClientInstaller.cab
O16 - DPF: {DB7ACFA2-9634-4C98-BC9D-FB9416153022} (nvEPLMedia Control) - http://194.78.150.228:81/nvEPLMedia.ocx
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 19215 bytes

Probeer de tools nu eens te downloaden ?

Geen enkele van de opgegeven links kan ik openen en dus ook niets downloaden.
Ook kan ik MalwareByte nog steeds niet opstarten.

Het probleem met de desktop heb ik ondertussen opgelost.
Ik heb de volgende sleutels van "1" naar "0" gezet.
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\activedesktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\activedesktop
Is het mogelijk dat mijn laptop nu virusvrij is maar er nog sleutels zijn gewijzigd en nog niet goed staan?
Het probleem is nog steeds dat ik MalwareBytes niet kan starten en niet op sites kan die iets met virussen te maken hebben.

Ondertussen heb ik toch al wat vuitgang geboekt.

Combofix kon ik downloaden via volgende link:
http://www.npinc.ca/support/0209jan.txt
Daarna heb ik het hernoemd en uitgevoerd in safe mode.
Logje hiervan vind u hieronder:

ComboFix 09-01-10.02 - Jan 2009-01-11 3:43:41.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1733 [GMT 1:00]
Running from: C:\0209jan.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Jan\LOCALS~1\Temp\install_flash_player .exe
c:\documents and settings\Jan\Application Data\~tmp.html
c:\documents and settings\Jan\Application Data\FunWebProducts
c:\documents and settings\Jan\Application Data\FunWebProducts\Data\Jan\avatar.dat
c:\documents and settings\Jan\Application Data\FunWebProducts\Data\Jan\zbucks.dat
c:\documents and settings\Jan\Application Data\WeatherDPA
c:\documents and settings\Jan\Application Data\WeatherDPA\Weather\WeatherStartup.xml
c:\documents and settings\Jan\Application Data\Zango
c:\documents and settings\Jan\Application Data\Zango\eskin\FileManager.txt
c:\documents and settings\Jan\Application Data\Zango\eskin\genetics_and_medicine_dna_img.htm
c:\documents and settings\Jan\Application Data\Zango\eskin\genetics_and_medicine_dna_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\030104_emte10_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\030104_emte11_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\030104_emte12_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\030104_emte13_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\030104_emte14_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\030104_emte19_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\030104_emte20_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\030104_emte21_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\030104_emte9_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\030203lib_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\033102angel_1_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\033102bigluf_1_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\033102bigsmile_1_p rv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\033102birthday_1_p rv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\033102cheers_1_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\033102flo_1_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\033102good_1_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\033102jump_1_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\033102king_1_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\033102lough_1_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\033102luf_1_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\033102smile_1_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\033102smiled_1_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\033102sor_1_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\033102thanx_1_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\033102uhu_1_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\040103ahh_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\040103wow_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\040104_emi2_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\042102_1134_112_pr v.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\050103big_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\050103gig_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\050103hm_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\050103nomail_emoti _prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\050103norm_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\060104_ema15_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\060104_ema16_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\060104_ema17_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\060104_ema18_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\060104_ema19_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\060104_ema20_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\060104_ema21_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\060104_ema24_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\060104_ema25_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\060104_ema26_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\060104_ema30_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\060104_ema33_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\060104_ema34_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\062802hippi_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\062802jumpie_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\080402argh_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\080402oops_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\080402ouch_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\082502no_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\082502yes_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\110103_boring1_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\110103_confused_pr v.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\110103_crying_ugly _prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\110103_fantastic_p rv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\110103_feel_better _prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\110103_gimme_break _prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\110103_heehee_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\110103_hlopaet_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\110103_ign_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\110103_lol_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\110103_no_comment_ prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\110103_peace_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\110103_smashing_pr v.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\110103_talk2thehan d_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\avatar.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\block_sm.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\block_sm2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\block_smli.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\block_smli2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\blocked.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\blocked2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\btn_add-but.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\btn_back-but.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\btn_left_cut_enabl ed_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\btn_left_enabled_1 .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\btn_left_pressed_1 .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\btn_middle_enabled _1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\btn_middle_pressed _1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\btn_right_cut_enab led_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\btn_right_enabled_ 1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\btn_right_pressed_ 1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\business_promo.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\buttondir.txt
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\components.cdf
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\css_cattree.css
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\css_flashpreview.c ss
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\css2_main.css
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\css2_pagingmodule. css
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\css2_topbuttons.cs s
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\cursors.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\delete.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\edit_clear_sound.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\edit_fs.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\edit_select.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\email-t1-bg.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\email-temp-bg.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\estatationery.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\flashpatch.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\flashpreview.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\fs3.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\hotbar_promo.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\icon_checked_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\icon_close_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\icon_close_pressed _1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\icon_edit_preview. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\icon_edit_send.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\icon_flash_preview .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\icon_recently_used .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\icon_remove_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\icon_remove_presse d_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\icon_sand-clock2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\icon_tell_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\icon_tell_pressed_ 1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\icon_tree_null.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\icon_unchecked_1.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\icon_unchecked_pre ssed_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\img_barlayout.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\img_barlayout2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\img_barlayout4.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\img_corner_left.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\img_local_logo.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\js2_basetemplate.j s
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\js2_hbgroups.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\js2_hbobject3.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\js2_hbobjectset3.j s
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\js2_hotbarwrapper. js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\js2_iteratorsandre aders3nf.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\js2_pagingmoduleob j3.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\js2_texts3.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\js2_xmltree3nf.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\layout.cdf
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\linkpathlegal.txt
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\n.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\nav_b_2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\nav_bb_2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\nav_f_2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\nav_ff_2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\progress.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\sales_buttons.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\searchbtn.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\submit.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\tab_bg.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\tab_bga.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\tab_bgia.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\tab_l.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\tab_la.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\tab_lia.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\tab_r.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\tab_ra.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\tab_ria.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\tree_dots.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\tree_minus.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\tree_plus.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\treedata_animation s.xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\treedata_backgroun ds.xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\treedata_ecards.xm l
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\treedata_emoticons .xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\treedata_notifiers .xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\treedata_text.xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\1\zango_btn.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\030104_emte10_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\030104_emte11_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\030104_emte12_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\030104_emte13_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\030104_emte14_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\030104_emte19_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\030104_emte20_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\030104_emte21_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\030104_emte9_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\030203lib_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\033102angel_1_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\033102bigluf_1_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\033102bigsmile_1_p rv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\033102birthday_1_p rv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\033102cheers_1_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\033102flo_1_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\033102good_1_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\033102jump_1_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\033102king_1_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\033102lough_1_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\033102luf_1_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\033102smile_1_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\033102smiled_1_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\033102sor_1_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\033102thanx_1_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\033102uhu_1_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\040103ahh_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\040103wow_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\040104_emi2_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\042102_1134_112_pr v.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\050103big_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\050103gig_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\050103hm_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\050103nomail_emoti _prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\050103norm_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\060104_ema15_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\060104_ema16_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\060104_ema17_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\060104_ema18_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\060104_ema19_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\060104_ema20_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\060104_ema21_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\060104_ema24_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\060104_ema25_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\060104_ema26_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\060104_ema30_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\060104_ema33_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\060104_ema34_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\062802hippi_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\062802jumpie_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\080402argh_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\080402oops_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\080402ouch_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\082502no_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\082502yes_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\110103_boring1_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\110103_confused_pr v.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\110103_crying_ugly _prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\110103_fantastic_p rv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\110103_feel_better _prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\110103_gimme_break _prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\110103_heehee_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\110103_hlopaet_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\110103_ign_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\110103_lol_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\110103_no_comment_ prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\110103_peace_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\110103_smashing_pr v.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\110103_talk2thehan d_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\avatar.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\block_sm.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\block_sm2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\block_smli.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\block_smli2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\blocked.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\blocked2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\btn_add-but.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\btn_back-but.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\btn_left_cut_enabl ed_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\btn_left_enabled_1 .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\btn_left_pressed_1 .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\btn_middle_enabled _1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\btn_middle_pressed _1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\btn_right_cut_enab led_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\btn_right_enabled_ 1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\btn_right_pressed_ 1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\business_promo.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\buttondir.txt
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\components.cdf
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\css_cattree.css
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\css_flashpreview.c ss
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\css2_main.css
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\css2_pagingmodule. css
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\css2_topbuttons.cs s
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\cursors.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\delete.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\edit_clear_sound.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\edit_fs.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\edit_select.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\email-t1-bg.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\email-temp-bg.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\estatationery.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\flashpatch.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\flashpreview.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\fs3.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\hotbar_promo.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\icon_checked_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\icon_close_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\icon_close_pressed _1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\icon_edit_preview. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\icon_edit_send.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\icon_flash_preview .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\icon_recently_used .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\icon_remove_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\icon_remove_presse d_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\icon_sand-clock2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\icon_tell_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\icon_tell_pressed_ 1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\icon_tree_null.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\icon_unchecked_1.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\icon_unchecked_pre ssed_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\img_barlayout.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\img_barlayout2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\img_barlayout4.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\img_corner_left.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\img_local_logo.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\js2_basetemplate.j s
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\js2_hbgroups.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\js2_hbobject3.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\js2_hbobjectset3.j s
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\js2_hotbarwrapper. js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\js2_iteratorsandre aders3nf.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\js2_pagingmoduleob j3.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\js2_texts3.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\js2_xmltree3nf.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\layout.cdf
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\linkpathlegal.txt
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\n.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\nav_b_2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\nav_bb_2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\nav_f_2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\nav_ff_2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\progress.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\sales_buttons.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\searchbtn.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\submit.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\tab_bg.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\tab_bga.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\tab_bgia.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\tab_l.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\tab_la.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\tab_lia.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\tab_r.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\tab_ra.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\tab_ria.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\tree_dots.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\tree_minus.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\tree_plus.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\treedata_animation s.xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\treedata_backgroun ds.xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\treedata_ecards.xm l
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\treedata_emoticons .xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\treedata_notifiers .xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\treedata_text.xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\2\zango_btn.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\DownLoad\avatar.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\DownLoad\business_pr omo.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\DownLoad\buttondir.x ip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\DownLoad\code.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\DownLoad\cursors.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\DownLoad\email-t1-bg.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\DownLoad\email-temp-bg.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\DownLoad\hotbar_prom o.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\DownLoad\images.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\DownLoad\layout.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\DownLoad\linkpathleg al.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\DownLoad\localconten t.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\DownLoad\sales_butto ns.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\DownLoad\treexml.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOI\static\DownLoad\zango_btn.x ip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\030104_emte10_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\030104_emte11_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\030104_emte12_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\030104_emte13_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\030104_emte14_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\030104_emte19_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\030104_emte20_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\030104_emte21_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\030104_emte9_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\030203lib_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\033102angel_1_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\033102bigluf_1_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\033102bigsmile_1_p rv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\033102birthday_1_p rv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\033102cheers_1_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\033102flo_1_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\033102good_1_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\033102jump_1_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\033102king_1_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\033102lough_1_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\033102luf_1_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\033102smile_1_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\033102smiled_1_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\033102sor_1_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\033102thanx_1_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\033102uhu_1_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\040103ahh_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\040103wow_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\040104_emi2_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\042102_1134_112_pr v.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\050103big_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\050103gig_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\050103hm_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\050103nomail_emoti _prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\050103norm_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\060104_ema15_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\060104_ema16_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\060104_ema17_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\060104_ema18_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\060104_ema19_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\060104_ema20_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\060104_ema21_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\060104_ema24_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\060104_ema25_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\060104_ema26_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\060104_ema30_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\060104_ema33_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\060104_ema34_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\062802hippi_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\062802jumpie_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\080402argh_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\080402oops_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\080402ouch_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\082502no_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\082502yes_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\110103_boring1_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\110103_confused_pr v.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\110103_crying_ugly _prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\110103_fantastic_p rv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\110103_feel_better _prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\110103_gimme_break _prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\110103_heehee_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\110103_hlopaet_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\110103_ign_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\110103_lol_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\110103_no_comment_ prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\110103_peace_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\110103_smashing_pr v.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\110103_talk2thehan d_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\avatar.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\block_sm.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\block_sm2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\block_smli.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\block_smli2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\blocked.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\blocked2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\btn_add-but.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\btn_back-but.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\btn_left_cut_enabl ed_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\btn_left_enabled_1 .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\btn_left_pressed_1 .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\btn_middle_enabled _1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\btn_middle_pressed _1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\btn_right_cut_enab led_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\btn_right_enabled_ 1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\btn_right_pressed_ 1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\business_promo.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\buttondir.txt
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\components.cdf
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\css_cattree.css
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\css_flashpreview.c ss
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\css2_main.css
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\css2_pagingmodule. css
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\css2_topbuttons.cs s
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\cursors.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\delete.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\edit_clear_sound.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\edit_fs.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\edit_select.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-543450.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-548964.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-589306.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-591943.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-592579.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-598579.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-603763.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-9595.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-9696.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-511745-514279.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-backgrounds.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-bcards.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-ecards.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-emoticons.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-estationery.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-funny.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-help.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-images.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-info.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-more.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-my.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-new.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-new2.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-options.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-people.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-photo.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-tell.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-temp.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-text.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-voice.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-def.cdf
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-premium-email-premium.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-t1-bg.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\email-temp-bg.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\estatationery.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\flashpatch.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\flashpreview.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\fs3.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\hotbar_promo.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\icon_checked_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\icon_close_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\icon_close_pressed _1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\icon_edit_preview. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\icon_edit_send.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\icon_flash_preview .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\icon_recently_used .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\icon_remove_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\icon_remove_presse d_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\icon_sand-clock2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\icon_tell_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\icon_tell_pressed_ 1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\icon_tree_null.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\icon_unchecked_1.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\icon_unchecked_pre ssed_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\img_barlayout.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\img_barlayout2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\img_barlayout4.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\img_corner_left.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\img_local_logo.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\js2_basetemplate.j s
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\js2_hbgroups.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\js2_hbobject3.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\js2_hbobjectset3.j s
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\js2_hotbarwrapper. js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\js2_iteratorsandre aders3nf.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\js2_pagingmoduleob j3.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\js2_texts3.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\js2_xmltree3nf.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\layout.cdf
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\linkpathlegal.txt
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\n.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\nav_b_2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\nav_bb_2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\nav_f_2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\nav_ff_2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\pro_hb_fo_word.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\progress.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\sales_buttons.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\searchbtn.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\submit.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\tab_bg.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\tab_bga.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\tab_bgia.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\tab_l.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\tab_la.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\tab_lia.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\tab_r.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\tab_ra.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\tab_ria.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\tree_dots.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\tree_minus.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\tree_plus.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\treedata_animation s.xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\treedata_backgroun ds.xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\treedata_ecards.xm l
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\treedata_emoticons .xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\treedata_notifiers .xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\treedata_text.xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\1\zango_btn.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\030104_emte10_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\030104_emte11_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\030104_emte12_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\030104_emte13_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\030104_emte14_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\030104_emte19_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\030104_emte20_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\030104_emte21_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\030104_emte9_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\030203lib_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\033102angel_1_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\033102bigluf_1_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\033102bigsmile_1_p rv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\033102birthday_1_p rv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\033102cheers_1_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\033102flo_1_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\033102good_1_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\033102jump_1_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\033102king_1_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\033102lough_1_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\033102luf_1_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\033102smile_1_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\033102smiled_1_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\033102sor_1_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\033102thanx_1_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\033102uhu_1_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\040103ahh_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\040103wow_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\040104_emi2_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\042102_1134_112_pr v.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\050103big_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\050103gig_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\050103hm_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\050103nomail_emoti _prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\050103norm_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\060104_ema15_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\060104_ema16_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\060104_ema17_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\060104_ema18_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\060104_ema19_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\060104_ema20_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\060104_ema21_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\060104_ema24_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\060104_ema25_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\060104_ema26_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\060104_ema30_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\060104_ema33_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\060104_ema34_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\062802hippi_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\062802jumpie_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\080402argh_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\080402oops_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\080402ouch_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\082502no_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\082502yes_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\110103_boring1_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\110103_confused_pr v.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\110103_crying_ugly _prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\110103_fantastic_p rv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\110103_feel_better _prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\110103_gimme_break _prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\110103_heehee_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\110103_hlopaet_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\110103_ign_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\110103_lol_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\110103_no_comment_ prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\110103_peace_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\110103_smashing_pr v.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\110103_talk2thehan d_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\avatar.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\block_sm.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\block_sm2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\block_smli.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\block_smli2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\blocked.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\blocked2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\btn_add-but.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\btn_back-but.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\btn_left_cut_enabl ed_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\btn_left_enabled_1 .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\btn_left_pressed_1 .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\btn_middle_enabled _1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\btn_middle_pressed _1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\btn_right_cut_enab led_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\btn_right_enabled_ 1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\btn_right_pressed_ 1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\business_promo.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\buttondir.txt
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\components.cdf
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\css_cattree.css
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\css_flashpreview.c ss
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\css2_main.css
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\css2_pagingmodule. css
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\css2_topbuttons.cs s
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\cursors.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\delete.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\edit_clear_sound.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\edit_fs.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\edit_select.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-543450.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-548964.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-589306.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-591943.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-592579.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-598579.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-603763.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-9595.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-511724-9696.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-511745-514279.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-backgrounds.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-bcards.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-ecards.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-emoticons.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-estationery.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-funny.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-help.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-images.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-info.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-more.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-my.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-new.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-new2.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-options.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-people.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-photo.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-tell.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-temp.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-text.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def-email-voice.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-def.cdf
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-premium-email-premium.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-t1-bg.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\email-temp-bg.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\estatationery.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\flashpatch.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\flashpreview.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\fs3.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\hotbar_promo.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\icon_checked_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\icon_close_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\icon_close_pressed _1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\icon_edit_preview. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\icon_edit_send.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\icon_flash_preview .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\icon_recently_used .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\icon_remove_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\icon_remove_presse d_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\icon_sand-clock2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\icon_tell_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\icon_tell_pressed_ 1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\icon_tree_null.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\icon_unchecked_1.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\icon_unchecked_pre ssed_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\img_barlayout.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\img_barlayout2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\img_barlayout4.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\img_corner_left.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\img_local_logo.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\js2_basetemplate.j s
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\js2_hbgroups.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\js2_hbobject3.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\js2_hbobjectset3.j s
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\js2_hotbarwrapper. js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\js2_iteratorsandre aders3nf.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\js2_pagingmoduleob j3.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\js2_texts3.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\js2_xmltree3nf.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\layout.cdf
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\linkpathlegal.txt
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\n.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\nav_b_2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\nav_bb_2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\nav_f_2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\nav_ff_2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\pro_hb_fo_word.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\progress.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\sales_buttons.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\searchbtn.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\submit.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\tab_bg.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\tab_bga.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\tab_bgia.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\tab_l.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\tab_la.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\tab_lia.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\tab_r.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\tab_ra.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\tab_ria.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\tree_dots.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\tree_minus.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\tree_plus.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\treedata_animation s.xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\treedata_backgroun ds.xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\treedata_ecards.xm l
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\treedata_emoticons .xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\treedata_notifiers .xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\treedata_text.xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\2\zango_btn.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\DownLoad\avatar.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\DownLoad\business_pr omo.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\DownLoad\buttondir.x ip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\DownLoad\code.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\DownLoad\cursors.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\DownLoad\email-def.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\DownLoad\email-t1-bg.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\DownLoad\email-temp-bg.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\DownLoad\hotbar_prom o.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\DownLoad\images.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\DownLoad\layout.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\DownLoad\linkpathleg al.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\DownLoad\localconten t.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\DownLoad\pro_hb_fo_w ord.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\DownLoad\sales_butto ns.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\DownLoad\treexml.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostOL\static\DownLoad\zango_btn.x ip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\030104_emte10_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\030104_emte11_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\030104_emte12_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\030104_emte13_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\030104_emte14_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\030104_emte19_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\030104_emte20_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\030104_emte21_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\030104_emte9_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\030203lib_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\033102angel_1_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\033102bigluf_1_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\033102bigsmile_1_p rv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\033102birthday_1_p rv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\033102cheers_1_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\033102flo_1_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\033102good_1_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\033102jump_1_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\033102king_1_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\033102lough_1_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\033102luf_1_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\033102smile_1_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\033102smiled_1_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\033102sor_1_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\033102thanx_1_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\033102uhu_1_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\040103ahh_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\040103wow_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\040104_emi2_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\042102_1134_112_pr v.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\050103big_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\050103gig_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\050103hm_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\050103nomail_emoti _prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\050103norm_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\060104_ema15_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\060104_ema16_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\060104_ema17_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\060104_ema18_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\060104_ema19_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\060104_ema20_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\060104_ema21_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\060104_ema24_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\060104_ema25_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\060104_ema26_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\060104_ema30_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\060104_ema33_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\060104_ema34_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\062802hippi_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\062802jumpie_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\080402argh_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\080402oops_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\080402ouch_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\082502no_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\082502yes_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\110103_boring1_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\110103_confused_pr v.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\110103_crying_ugly _prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\110103_fantastic_p rv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\110103_feel_better _prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\110103_gimme_break _prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\110103_heehee_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\110103_hlopaet_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\110103_ign_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\110103_lol_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\110103_no_comment_ prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\110103_peace_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\110103_smashing_pr v.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\110103_talk2thehan d_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\avatar.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\block_sm.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\block_sm2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\block_smli.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\block_smli2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\blocked.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\blocked2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\btn_add-but.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\btn_back-but.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\btn_left_cut_enabl ed_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\btn_left_enabled_1 .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\btn_left_pressed_1 .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\btn_middle_enabled _1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\btn_middle_pressed _1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\btn_right_cut_enab led_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\btn_right_enabled_ 1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\btn_right_pressed_ 1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\business_promo.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\buttondir.txt
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\components.cdf
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\css_cattree.css
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\css_flashpreview.c ss
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\css2_main.css
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\css2_pagingmodule. css
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\css2_topbuttons.cs s
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\cursors.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\delete.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\edit_clear_sound.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\edit_fs.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\edit_select.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-511724-543450.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-511724-548964.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-511724-589306.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-511724-591943.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-511724-592579.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-511724-598579.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-511724-603763.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-511724-9595.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-511724-9696.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-511745-514279.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-email-backgrounds.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-email-bcards.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-email-ecards.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-email-emoticons.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-email-estationery.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-email-funny.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-email-help.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-email-images.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-email-info.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-email-more.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-email-my.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-email-new.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-email-new2.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-email-options.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-email-people.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-email-photo.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-email-tell.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-email-temp.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-email-text.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def-email-voice.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-def.cdf
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-premium-email-premium.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-t1-bg.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\email-temp-bg.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\estatationery.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\flashpatch.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\flashpreview.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\fs3.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\hotbar_promo.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\icon_checked_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\icon_close_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\icon_close_pressed _1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\icon_edit_preview. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\icon_edit_send.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\icon_flash_preview .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\icon_recently_used .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\icon_remove_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\icon_remove_presse d_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\icon_sand-clock2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\icon_tell_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\icon_tell_pressed_ 1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\icon_tree_null.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\icon_unchecked_1.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\icon_unchecked_pre ssed_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\img_barlayout.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\img_barlayout2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\img_barlayout4.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\img_corner_left.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\img_local_logo.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\js2_basetemplate.j s
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\js2_hbgroups.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\js2_hbobject3.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\js2_hbobjectset3.j s
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\js2_hotbarwrapper. js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\js2_iteratorsandre aders3nf.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\js2_pagingmoduleob j3.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\js2_texts3.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\js2_xmltree3nf.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\layout.cdf
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\linkpathlegal.txt
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\n.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\nav_b_2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\nav_bb_2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\nav_f_2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\nav_ff_2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\progress.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\sales_buttons.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\searchbtn.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\submit.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\tab_bg.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\tab_bga.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\tab_bgia.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\tab_l.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\tab_la.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\tab_lia.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\tab_r.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\tab_ra.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\tab_ria.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\tree_dots.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\tree_minus.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\tree_plus.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\treedata_animation s.xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\treedata_backgroun ds.xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\treedata_ecards.xm l
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\treedata_emoticons .xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\treedata_notifiers .xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\treedata_text.xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\1\zango_btn.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\030104_emte10_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\030104_emte11_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\030104_emte12_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\030104_emte13_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\030104_emte14_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\030104_emte19_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\030104_emte20_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\030104_emte21_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\030104_emte9_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\030203lib_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\033102angel_1_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\033102bigluf_1_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\033102bigsmile_1_p rv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\033102birthday_1_p rv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\033102cheers_1_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\033102flo_1_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\033102good_1_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\033102jump_1_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\033102king_1_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\033102lough_1_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\033102luf_1_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\033102smile_1_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\033102smiled_1_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\033102sor_1_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\033102thanx_1_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\033102uhu_1_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\040103ahh_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\040103wow_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\040104_emi2_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\042102_1134_112_pr v.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\050103big_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\050103gig_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\050103hm_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\050103nomail_emoti _prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\050103norm_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\060104_ema15_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\060104_ema16_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\060104_ema17_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\060104_ema18_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\060104_ema19_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\060104_ema20_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\060104_ema21_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\060104_ema24_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\060104_ema25_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\060104_ema26_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\060104_ema30_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\060104_ema33_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\060104_ema34_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\062802hippi_prv.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\062802jumpie_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\080402argh_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\080402oops_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\080402ouch_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\082502no_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\082502yes_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\110103_boring1_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\110103_confused_pr v.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\110103_crying_ugly _prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\110103_fantastic_p rv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\110103_feel_better _prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\110103_gimme_break _prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\110103_heehee_prv. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\110103_hlopaet_prv .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\110103_ign_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\110103_lol_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\110103_no_comment_ prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\110103_peace_prv.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\110103_smashing_pr v.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\110103_talk2thehan d_prv.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\avatar.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\block_sm.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\block_sm2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\block_smli.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\block_smli2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\blocked.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\blocked2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\btn_add-but.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\btn_back-but.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\btn_left_cut_enabl ed_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\btn_left_enabled_1 .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\btn_left_pressed_1 .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\btn_middle_enabled _1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\btn_middle_pressed _1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\btn_right_cut_enab led_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\btn_right_enabled_ 1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\btn_right_pressed_ 1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\business_promo.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\buttondir.txt
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\components.cdf
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\css_cattree.css
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\css_flashpreview.c ss
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\css2_main.css
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\css2_pagingmodule. css
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\css2_topbuttons.cs s
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\cursors.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\delete.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\edit_clear_sound.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\edit_fs.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\edit_select.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-511724-543450.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-511724-548964.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-511724-589306.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-511724-591943.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-511724-592579.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-511724-598579.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-511724-603763.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-511724-9595.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-511724-9696.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-511745-514279.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-email-backgrounds.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-email-bcards.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-email-ecards.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-email-emoticons.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-email-estationery.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-email-funny.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-email-help.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-email-images.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-email-info.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-email-more.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-email-my.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-email-new.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-email-new2.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-email-options.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-email-people.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-email-photo.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-email-tell.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-email-temp.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-email-text.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def-email-voice.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-def.cdf
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-premium-email-premium.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-t1-bg.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\email-temp-bg.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\estatationery.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\flashpatch.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\flashpreview.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\fs3.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\hotbar_promo.htm
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\icon_checked_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\icon_close_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\icon_close_pressed _1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\icon_edit_preview. gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\icon_edit_send.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\icon_flash_preview .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\icon_recently_used .gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\icon_remove_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\icon_remove_presse d_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\icon_sand-clock2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\icon_tell_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\icon_tell_pressed_ 1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\icon_tree_null.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\icon_unchecked_1.g if
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\icon_unchecked_pre ssed_1.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\img_barlayout.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\img_barlayout2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\img_barlayout4.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\img_corner_left.gi f
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\img_local_logo.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\js2_basetemplate.j s
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\js2_hbgroups.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\js2_hbobject3.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\js2_hbobjectset3.j s
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\js2_hotbarwrapper. js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\js2_iteratorsandre aders3nf.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\js2_pagingmoduleob j3.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\js2_texts3.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\js2_xmltree3nf.js
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\layout.cdf
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\linkpathlegal.txt
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\n.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\nav_b_2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\nav_bb_2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\nav_f_2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\nav_ff_2.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\progress.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\sales_buttons.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\searchbtn.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\submit.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\tab_bg.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\tab_bga.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\tab_bgia.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\tab_l.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\tab_la.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\tab_lia.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\tab_r.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\tab_ra.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\tab_ria.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\tree_dots.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\tree_minus.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\tree_plus.gif
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\treedata_animation s.xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\treedata_backgroun ds.xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\treedata_ecards.xm l
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\treedata_emoticons .xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\treedata_notifiers .xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\treedata_text.xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\2\zango_btn.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\DownLoad\avatar.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\DownLoad\business_pr omo.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\DownLoad\buttondir.x ip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\DownLoad\code.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\DownLoad\cursors.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\DownLoad\email-def.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\DownLoad\email-t1-bg.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\DownLoad\email-temp-bg.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\DownLoad\hotbar_prom o.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\DownLoad\images.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\DownLoad\layout.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\DownLoad\linkpathleg al.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\DownLoad\localconten t.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\DownLoad\sales_butto ns.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\DownLoad\treexml.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\HostWD\static\DownLoad\zango_btn.x ip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\1.sdf
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\1384133.sdf
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\2657610.sdf
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\3340762.sdf
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\3893208.sdf
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\domains.txt
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\100006771 4
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\127752
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\13562
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\144676
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26479
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\31196
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33233
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\39054
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\40012
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\42208
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\43377
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44228
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44458
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\455563
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\51194
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\516030
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\52335
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\54473
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\56154
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\592018
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64495
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64605
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\6558
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\67220
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\67469
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\6873
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\69776
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\738022
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745002
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745146
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745147
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753036
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753042
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753300
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753309
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753317
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753356
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753363
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\78600
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79257
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\81880
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\82155
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\8732
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\9021
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93899
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95325
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\dynamic\ustat\3710.dat
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\avatar.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\btntrans.idx
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\btntrans1.dat
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\buttondir.txt
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\components.cdf
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\cursors.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_100 0.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_200 0.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_300 0.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bar .res
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bba r1.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_log os.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_oth er.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\d_icons_weather.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\default.cdf
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_511745-514279.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-ca.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-us.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_categorize. mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_comparison. mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-Mails.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-people.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_favorites.m nu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_Games.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_Hide.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_hotbarcom.m nu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_Hotmail.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_hsskin.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_jemster.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_jemsterie.m nu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_jemsteruk.m nu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_jobsearch.m nu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_Mails.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_MobileSidew alk.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_new.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_premium.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_reun.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_ringtones.m nu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_SearchBoxTr apper.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_searchfor.m nu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_searchgo.mn u
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_weather.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Default_yellowpages .mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\editblbuttons.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-548964.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-9595.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\email-t1-bg.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\icons2.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\ie_games_icon.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\ie_video.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\keywords.idx
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\keywords1.dat
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\layout.cdf
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\linkpathlegal.txt
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\progress.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\s_icons_buttons.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\sales_buttons.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\sdfmodifier.xml
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\t2_bg.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\theweb.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\top7.cdf
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\Top7_theweb.mnu
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\tsd_bg.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\zango_btn.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\1\zango_ie_menu.res
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\avatar.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.xi p
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.xi p
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_butt ons_1000.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_butt ons_2000.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_butt ons_3000.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_butt ons_bar.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_butt ons_bbar1.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_butt ons_logos.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_butt ons_other.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weat her.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\default.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\editblbutton s.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\icons2.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_ico n.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.xi p
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlega l.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_butt ons.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_button s.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier. xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xi p
c:\documents and settings\Jan\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_men u.xip
c:\windows\Downloaded Program Files\setup.inf
c:\windows\jestertb.dll
c:\windows\system32\av.dat
c:\windows\system32\av.exe
c:\windows\system32\digeste.dll
c:\windows\system32\drivers\TDSSnraa.sys
c:\windows\system32\getwn32.dll
c:\windows\system32\msexcl35.dll
c:\windows\system32\msltus35.dll
c:\windows\system32\mspdox35.dll
c:\windows\system32\msrdo20.dll
c:\windows\system32\mstext35.dll
c:\windows\system32\msxbse35.dll
c:\windows\system32\Process.exe
c:\windows\system32\pthreadVC.dll
c:\windows\system32\rdocurs.dll
c:\windows\system32\shell31.dll
c:\windows\system32\TDSSalif.dat
c:\windows\system32\TDSSdcje.dll
c:\windows\system32\TDSSgwyx.log
c:\windows\system32\TDSSjgnx.dll
c:\windows\system32\TDSSkhcu.log
c:\windows\system32\TDSSmcyo.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSrqhc.dll
c:\windows\system32\TDSSsrxi.dll
c:\windows\system32\TDSSuxrr.dll
c:\windows\system32\wertyu.dll
c:\windows\wiaserviv.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DNLSVC
-------\Legacy_MSDIRECT
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_SYSREST.SYS
-------\Legacy_TDSSSERV.SYS
-------\Legacy_WINDRIVER
-------\Service_MyWebSearchService
-------\Service_sysrest.sys
-------\Service_TDSSserv.sys
-------\Service_WinDriver

((((((((((((((((((((((((( Files Created from 2008-12-11 to 2009-01-11 )))))))))))))))))))))))))))))))
.
2009-01-11 02:38 . 2009-01-11 03:38 2,914,746 -ra------ C:\0209jan.exe
2009-01-11 02:31 . 2009-01-11 02:31 94,208 --a------ C:\GV_Cleaner.exe
2009-01-11 01:20 . 2009-01-11 01:28 <DIR> d-------- c:\program files\Registry Easy
2009-01-11 01:20 . 2009-01-11 01:20 2,487,136 --a------ C:\RegistryEasy.exe
2009-01-11 01:19 . 2009-01-11 01:19 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-01-11 00:43 . 2009-01-11 00:43 <DIR> d-------- c:\program files\XoftSpySE
2009-01-11 00:42 . 2009-01-11 00:42 3,531,328 --a------ C:\XoftSpySE_Setup_RW.exe
2009-01-10 23:47 . 2009-01-10 23:47 <DIR> d-------- c:\program files\Auslogics
2009-01-10 23:47 . 2009-01-10 23:47 <DIR> d-------- c:\program files\AskBarDis
2009-01-10 23:47 . 2009-01-10 23:47 <DIR> d-------- c:\documents and settings\Jan\Application Data\Auslogics
2009-01-10 23:45 . 2009-01-10 23:45 1,652,672 --a------ C:\disk-defrag-setup.exe
2009-01-10 23:21 . 2009-01-10 23:21 <DIR> d-------- C:\HostsXpert
2009-01-10 23:13 . 2009-01-10 23:13 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-10 23:13 . 2009-01-10 23:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-10 23:10 . 2009-01-10 23:10 15,083,520 --a------ C:\spybotsd160.exe
2009-01-10 21:42 . 2009-01-10 21:42 2,747,911 --a------ C:\stinger10000457.exe
2009-01-08 17:25 . 2009-01-08 17:25 <DIR> d-------- c:\windows\system32\regdacl
2009-01-08 17:25 . 2009-01-08 17:25 522,870 --a------ C:\KillAFile.exe
2009-01-08 17:25 . 2009-01-10 19:35 90,112 --a------ c:\windows\system32\regdacl.exe
2009-01-08 17:25 . 2009-01-10 19:35 16,384 --a------ c:\windows\system32\restart.exe
2009-01-08 17:25 . 2009-01-10 19:35 4,096 --a------ c:\windows\system32\reboot.exe
2009-01-07 01:00 . 2009-01-07 01:00 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-01-05 00:20 . 2009-01-05 00:20 1,632,064 --a------ C:\glisa3_03.mpg
2009-01-03 01:43 . 2009-01-03 01:44 1,167,726 --a------ C:\044.wmv
2009-01-02 23:27 . 2009-01-02 23:27 1,831,312 --a------ C:\02.mpg
2009-01-02 23:27 . 2009-01-02 23:27 1,831,312 --a------ C:\01.mpg
2009-01-02 22:09 . 2009-01-02 22:09 1,317,545 --a------ C:\herfirst4.wmv
2009-01-02 22:02 . 2009-01-02 22:02 2,245,645 --a------ C:\31.wmv
2009-01-02 22:02 . 2009-01-02 22:02 2,229,645 --a------ C:\21.wmv
2009-01-02 22:02 . 2009-01-02 22:02 2,213,645 --a------ C:\41.wmv
2009-01-02 22:00 . 2009-01-02 22:00 2,029,572 --a------ C:\04.mpg
2009-01-02 21:56 . 2009-01-02 21:56 3,275,160 --a------ C:\03.wmv
2009-01-02 21:56 . 2009-01-02 21:56 3,267,160 --a------ C:\02.wmv
2009-01-02 21:55 . 2009-01-02 21:55 2,414,544 --a------ C:\mature-lady-4.mpg
2009-01-02 21:55 . 2009-01-02 21:55 2,414,544 --a------ C:\mature-lady-3.mpg
2009-01-02 21:04 . 2009-01-02 21:04 2,574,070 --a------ C:\04.wmv
2009-01-02 20:57 . 2009-01-02 20:57 3,051,524 --a------ C:\chubby_milf_05.mpg
2009-01-02 20:57 . 2009-01-02 20:57 2,725,892 --a------ C:\chubby_milf_06.mpg
2009-01-02 20:57 . 2009-01-02 20:57 2,234,372 --a------ C:\chubby_milf_02.mpg
2009-01-02 20:00 . 2009-01-02 20:00 <DIR> d-------- c:\program files\Belgium Identity Card
2009-01-02 19:18 . 2009-01-02 21:33 <DIR> d-------- C:\E-ID
2009-01-02 12:59 . 2009-01-02 12:59 2,518,017 --a------ C:\006.wmv
2008-12-28 17:51 . 2008-12-28 17:51 14,821 --a------ C:\large_384243.jpg
2008-12-28 17:44 . 2008-12-28 17:44 93,748 --a------ C:\Zlatan-Ibrahimovic-Photos-015.jpg
2008-12-28 17:43 . 2008-12-28 17:43 190,764 --a------ C:\samuel_eto_3.jpg
2008-12-28 17:42 . 2008-12-28 17:42 128,318 --a------ C:\Frank_Ribery_Resimleri.jpg
2008-12-28 17:41 . 2008-12-28 17:41 110,943 --a------ C:\proto.jpg
2008-12-28 17:40 . 2008-12-28 17:39 208,586 --a------ C:\drogba%20WALLPAPER~4.jpg
2008-12-25 02:13 . 2008-12-25 02:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-12-17 19:50 . 2008-12-17 19:49 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-16 19:04 . 2008-12-16 20:39 <DIR> d-------- C:\Waterverwarmer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-01-11 03:03 --------- d-----w c:\program files\Common Files\Akamai
2009-01-11 02:01 --------- d-----w c:\program files\UltimateZip 2007
2009-01-11 02:01 --------- d-----w c:\documents and settings\All Users\Application Data\RetroExp
2009-01-10 23:24 --------- d-----w c:\documents and settings\Jan\Application Data\Metacafe
2009-01-10 23:24 --------- d-----w c:\documents and settings\All Users\Application Data\Metacafe
2009-01-09 19:38 --------- d-----w c:\documents and settings\Jan\Application Data\Skype
2009-01-09 15:05 --------- d-----w c:\documents and settings\Jan\Application Data\skypePM
2009-01-08 15:54 --------- d-----w c:\program files\LNM Client
2009-01-06 23:29 --------- d-----w c:\program files\Windows Live Safety Center
2009-01-06 23:06 --------- d-----w c:\program files\Avant Browser
2009-01-06 16:56 --------- d-----w c:\program files\a-squared Free
2009-01-02 19:00 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-26 11:35 --------- d-----w c:\program files\Java
2008-12-21 22:57 --------- d-----w c:\documents and settings\Jan\Application Data\LimeWire
2008-12-03 03:00 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-12-02 12:10 278,927,592 ----a-w C:\WindowsXP-KB835935-SP2-ENU.exe
2008-11-30 17:06 --------- d-----w c:\documents and settings\Jan\Application Data\PowerChallenge
2008-11-21 22:14 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-15 23:13 --------- d-----w c:\program files\FlipChip Calculator 1.4
2008-11-11 09:05 --------- d-----w c:\documents and settings\Jan\Application Data\OpenOffice.org
2008-11-11 08:59 --------- d-----w c:\program files\OpenOffice.org 3
2008-11-11 08:59 --------- d-----w c:\program files\JRE
2008-11-11 08:58 --------- d-----w c:\program files\OpenOffice.org 2.0
2008-11-11 08:56 --------- d-----w c:\documents and settings\Jan\Application Data\OpenOffice.org2
2008-11-11 08:48 149,286,272 ----a-w C:\OOo_3.0.0_Win32Intel_install_wJRE_en-US.exe
2008-03-08 10:04 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-01-13 19:52 669 ----a-w c:\program files\3D Flash Animator 4.8.html
2006-01-23 08:32 131,072 ----a-w c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 08:48 133,920 ----a-w c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2008-09-22 19:23 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-10-11 08:04 61,036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 48,742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 29,313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 41,082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 166,510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-09-07 14:12 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090720080 908\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2006-11-30 4662776]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-22 7557120]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-05-16 102400]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"MMReminderService"="c:\program files\Mindjet\MindManager 6\MMReminderService.exe" [2006-06-22 31232]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 222208]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"RetroExpress"="c:\progra~1\RETROS~1\RETROS~1.0\RetroExpress.exe" [2007-01-18 9371648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-19 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"nwiz"="nwiz.exe" [2006-03-22 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-03-22 c:\windows\system32\nvhotkey.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
c:\documents and settings\Jan\Start Menu\Programs\Startup\
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-06-29 145736]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Snelle start.lnk - c:\windows\Installer\{AC76BA86-1030-D700-7760-000000000002}\SC_Acrobat.exe [2006-09-30 25214]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-09-23 24576]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-01-30 192512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-06-29 145736]
Start the communication Gateway.lnk - c:\windows\system32\Gateway.exe [2007-12-11 426041]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-10-31 122880]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
UpdateWin REG_SZ c:\windows\system32\6to4svch.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dllwowfx .dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Retrospect\\Retrospect Express HD 2.0\\Retrospect.exe"=
"c:\\Program Files\\Retrospect\\Retrospect Express HD 2.0\\retrorun.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
"443:TCP"= 443:TCP:ooVoo TCP port 443
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-26 97928]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 81688]
R4 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2004-08-11 14336]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-26 231704]
R4 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S1 59a7c98;59a7c98;c:\windows\system32\drivers\59a7c9 8.sys --> c:\windows\system32\drivers\59a7c98.sys [?]
S3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [2007-09-21 1240576]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2006-09-23 29744]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2006-10-08 31872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{b6936256-5970-11dc-ad2e-0016419dd57a}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
.
Contents of the 'Scheduled Tasks' folder
2009-01-10 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Jan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 22:08]
2009-01-11 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe [2009-01-05 18:14]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-PhiBtn - c:\windows\System32\drivers\PhiBtn.exe
HKLM-Run-Traymin900 - c:\windows\System32\drivers\Tray900.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Search
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Koppelingdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingdoel converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Selectie converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
c:\windows\Downloaded Program Files\PowerLoader.dll - O16 -: {4BFD075D-C36E-4F28-BB0A-5D472795197A}
hxxp://powersoccer.spel.nl/applet/PowerLoader.cab
c:\windows\Downloaded Program Files\PowerLoader.inf
c:\windows\system32\gcl.dll - c:\windows\Downloaded Program Files\WebDvr.ocx
O16 -: {68B93863-D5DF-4854-8B65-9A12995D80AD}
file:///C:/BackUp%202006-09-30/Documents/Personal%20secure/Wim/Pelco/webdvr.cab
c:\windows\Downloaded Program Files\wc.inf
c:\windows\Downloaded Program Files\nvEncoderMedia.dll - O16 -: {B91012E3-3DC4-442B-B5C7-35BF3857D215}
hxxp://194.78.150.228/nvEncoderMedia.dll
c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game05.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf
c:\windows\Downloaded Program Files\AgentInstaller.dll - O16 -: {C9A703E2-3145-11D8-813C-005022E14DE2}
hxxp://suvorov.lnm.eu/lnm.eu/client/LNMClientInstaller.cab
c:\windows\Downloaded Program Files\nvEPLMedia.ocx - O16 -: {DB7ACFA2-9634-4C98-BC9D-FB9416153022}
hxxp://194.78.150.228:81/nvEPLMedia.ocx
c:\windows\system32\gtdownde_110.ocx - O16 -: {E856B973-45FD-4559-8F82-EAB539144667}
hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
c:\windows\Downloaded Program Files\gtdownde_110.inf
FF - ProfilePath -
.
************************************************** ************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 04:03:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders \È* 6*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Appl ication Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1292)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\scardsvr.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Wave Systems Corp\common\DataServer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\program files\NetLimiter 2 Monitor\nlsvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\RETROS~1\RETROS~1.0\retrorun.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\NetLimiter 2 Monitor\NLClient.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\UltimateZip 2007\uzqkst.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
************************************************** ************************
.
Completion time: 2009-01-11 4:13:36 - machine was rebooted [Jan]
ComboFix-quarantined-files.txt 2009-01-11 03:12:16
Pre-Run: 9,332,334,592 bytes free
Post-Run: 9,347,682,304 bytes free
1682 --- E O F --- 2008-12-18 02:00:34


Daarna kon ik MalwareBytes downloaden en updaten.
Het logje daarvan is het volgende:


Malwarebytes' Anti-Malware 1.32
Database versie: 1638
Windows 5.1.2600 Service Pack 3
1/11/2009 10:46:29 AM
mbam-log-2009-01-11 (10-46-07).txt
Scan type: Volledige Scan (C:\|)
Objecten gescand: 227925
Verstreken tijd: 2 hour(s), 8 minute(s), 26 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 1
Registersleutels geïnfecteerd: 1
Registerwaarden geïnfecteerd: 6
Registerdata bestanden geïnfecteerd: 1
Mappen geïnfecteerd: 2
Bestanden geïnfecteerd: 10
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> No action taken.
Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWi n (Worm.Sdbot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\UpdateWin (Worm.Sdbot) -> No action taken.
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control \Lsa\UpdateWin (Worm.Sdbot) -> No action taken.
Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dllschannel.dlldigest.dllmsnsspc.dllwowf x.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll) -> No action taken.
Mappen geïnfecteerd:
C:\WINDOWS\system32\append.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\xlib254.dll (Trojan.Agent) -> No action taken.
Bestanden geïnfecteerd:
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSjgnx.d ll.vir (Trojan.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSmcyo.d ll.vir (Trojan.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSsrxi.d ll.vir (Trojan.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSuxrr.d ll.vir (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP122\A0031088.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP122\A0031089.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP122\A0031090.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP122\A0031091.dll (Trojan.TDSS) -> No action taken.
C:\Documents and Settings\Jan\Application Data\config.cfg (Malware.Trace) -> No action taken.


Voor de volledigheid voeg ik nog mijn laatste HJT logje toe:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:11 AM, on 1/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\WINDOWS\system32\Gateway.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\UltimateZip 2007\uzqkst.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\retrospect.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923 (http://www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923)
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe /h
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Startup: OpenOffice.org 2.0 .lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2007\uzqkst.exe
O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Start the communication Gateway.lnk = C:\WINDOWS\system32\Gateway.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://powersoccer.spel.nl/applet/PowerLoader.cab
O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {68B93863-D5DF-4854-8B65-9A12995D80AD} (WebDVR Control) - file:///C:/BackUp%202006-09-30/Documents/Personal%20secure/Wim/Pelco/webdvr.cab
O16 - DPF: {B91012E3-3DC4-442B-B5C7-35BF3857D215} (Encoder Media Control) - http://194.78.150.228/nvEncoderMedia.dll
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} (Installer Class) - http://suvorov.lnm.eu/lnm.eu/client/LNMClientInstaller.cab
O16 - DPF: {DB7ACFA2-9634-4C98-BC9D-FB9416153022} (nvEPLMedia Control) - http://194.78.150.228:81/nvEPLMedia.ocx
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 18342 bytes


Ik kan zoals je merkt terug op sites met security inhoud.
Zijn er volgens u nog zaken die ik moet doen om mijn laptop virusvrij te maken?

Start mbam nogmaals , het liefste in veilige modus en doe een uitgebreide scan, verwijder alles wat het vind en start opnieuw op.

Doe een nieuwe scan met combofix en plaats het nieuwe logje samen met een nieuw HJT logje aub.

Hieronder mijn drie logjes:


Malwarebytes' Anti-Malware 1.32
Database versie: 1638
Windows 5.1.2600 Service Pack 3
1/12/2009 7:20:43 AM
mbam-log-2009-01-12 (07-20-43).txt
Scan type: Volledige Scan (C:\|)
Objecten gescand: 242508
Verstreken tijd: 1 hour(s), 19 minute(s), 20 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)


ComboFix 09-01-10.03 - Jan 2009-01-12 7:27:03.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1656 [GMT 1:00]
Running from: C:\0209jan.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
.
((((((((((((((((((((((((( Files Created from 2008-12-12 to 2009-01-12 )))))))))))))))))))))))))))))))
.
2009-01-11 16:52 . 2009-01-11 16:52 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-11 16:52 . 2009-01-11 16:52 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-11 16:52 . 2009-01-11 16:52 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-11 16:52 . 2009-01-11 16:52 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-11 14:36 . 2009-01-11 14:36 <DIR> d-------- c:\program files\Windows Defender
2009-01-11 14:25 . 2009-01-11 14:25 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-01-11 04:18 . 2009-01-11 04:18 2,697,168 --a------ C:\mbam-setup.exe
2009-01-11 02:38 . 2009-01-12 07:26 2,915,194 -ra------ C:\0209jan.exe
2009-01-11 02:31 . 2009-01-11 02:31 94,208 --a------ C:\GV_Cleaner.exe
2009-01-11 01:20 . 2009-01-11 12:05 <DIR> d-------- c:\program files\Registry Easy
2009-01-11 01:20 . 2009-01-11 01:20 2,487,136 --a------ C:\RegistryEasy.exe
2009-01-11 01:19 . 2009-01-11 01:19 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-01-11 00:43 . 2009-01-11 00:43 <DIR> d-------- c:\program files\XoftSpySE
2009-01-11 00:42 . 2009-01-11 00:42 3,531,328 --a------ C:\XoftSpySE_Setup_RW.exe
2009-01-10 23:47 . 2009-01-10 23:47 <DIR> d-------- c:\program files\Auslogics
2009-01-10 23:47 . 2009-01-10 23:47 <DIR> d-------- c:\program files\AskBarDis
2009-01-10 23:47 . 2009-01-10 23:47 <DIR> d-------- c:\documents and settings\Jan\Application Data\Auslogics
2009-01-10 23:45 . 2009-01-10 23:45 1,652,672 --a------ C:\disk-defrag-setup.exe
2009-01-10 23:21 . 2009-01-10 23:21 <DIR> d-------- C:\HostsXpert
2009-01-10 23:13 . 2009-01-10 23:13 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-10 23:13 . 2009-01-11 17:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-10 23:10 . 2009-01-10 23:10 15,083,520 --a------ C:\spybotsd160.exe
2009-01-10 21:42 . 2009-01-10 21:42 2,747,911 --a------ C:\stinger10000457.exe
2009-01-08 17:25 . 2009-01-08 17:25 <DIR> d-------- c:\windows\system32\regdacl
2009-01-08 17:25 . 2009-01-08 17:25 522,870 --a------ C:\KillAFile.exe
2009-01-08 17:25 . 2009-01-10 19:35 90,112 --a------ c:\windows\system32\regdacl.exe
2009-01-08 17:25 . 2009-01-10 19:35 16,384 --a------ c:\windows\system32\restart.exe
2009-01-08 17:25 . 2009-01-10 19:35 4,096 --a------ c:\windows\system32\reboot.exe
2009-01-07 01:00 . 2009-01-07 01:00 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-01-05 00:20 . 2009-01-05 00:20 1,632,064 --a------ C:\glisa3_03.mpg
2009-01-03 01:43 . 2009-01-03 01:44 1,167,726 --a------ C:\044.wmv
2009-01-02 23:27 . 2009-01-02 23:27 1,831,312 --a------ C:\02.mpg
2009-01-02 23:27 . 2009-01-02 23:27 1,831,312 --a------ C:\01.mpg
2009-01-02 22:09 . 2009-01-02 22:09 1,317,545 --a------ C:\herfirst4.wmv
2009-01-02 22:02 . 2009-01-02 22:02 2,245,645 --a------ C:\31.wmv
2009-01-02 22:02 . 2009-01-02 22:02 2,229,645 --a------ C:\21.wmv
2009-01-02 22:02 . 2009-01-02 22:02 2,213,645 --a------ C:\41.wmv
2009-01-02 22:00 . 2009-01-02 22:00 2,029,572 --a------ C:\04.mpg
2009-01-02 21:56 . 2009-01-02 21:56 3,275,160 --a------ C:\03.wmv
2009-01-02 21:56 . 2009-01-02 21:56 3,267,160 --a------ C:\02.wmv
2009-01-02 21:55 . 2009-01-02 21:55 2,414,544 --a------ C:\mature-lady-4.mpg
2009-01-02 21:55 . 2009-01-02 21:55 2,414,544 --a------ C:\mature-lady-3.mpg
2009-01-02 21:04 . 2009-01-02 21:04 2,574,070 --a------ C:\04.wmv
2009-01-02 20:57 . 2009-01-02 20:57 3,051,524 --a------ C:\chubby_milf_05.mpg
2009-01-02 20:57 . 2009-01-02 20:57 2,725,892 --a------ C:\chubby_milf_06.mpg
2009-01-02 20:57 . 2009-01-02 20:57 2,234,372 --a------ C:\chubby_milf_02.mpg
2009-01-02 20:00 . 2009-01-02 20:00 <DIR> d-------- c:\program files\Belgium Identity Card
2009-01-02 19:18 . 2009-01-02 21:33 <DIR> d-------- C:\E-ID
2009-01-02 12:59 . 2009-01-02 12:59 2,518,017 --a------ C:\006.wmv
2008-12-28 17:51 . 2008-12-28 17:51 14,821 --a------ C:\large_384243.jpg
2008-12-28 17:44 . 2008-12-28 17:44 93,748 --a------ C:\Zlatan-Ibrahimovic-Photos-015.jpg
2008-12-28 17:43 . 2008-12-28 17:43 190,764 --a------ C:\samuel_eto_3.jpg
2008-12-28 17:42 . 2008-12-28 17:42 128,318 --a------ C:\Frank_Ribery_Resimleri.jpg
2008-12-28 17:41 . 2008-12-28 17:41 110,943 --a------ C:\proto.jpg
2008-12-28 17:40 . 2008-12-28 17:39 208,586 --a------ C:\drogba%20WALLPAPER~4.jpg
2008-12-25 02:13 . 2008-12-25 02:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-12-17 19:50 . 2008-12-17 19:49 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-16 19:04 . 2008-12-16 20:39 <DIR> d-------- C:\Waterverwarmer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-01-12 06:44 --------- d-----w c:\program files\UltimateZip 2007
2009-01-12 06:44 --------- d-----w c:\documents and settings\All Users\Application Data\RetroExp
2009-01-12 06:42 --------- d-----w c:\program files\Common Files\Akamai
2009-01-12 00:02 --------- d-----w c:\documents and settings\Jan\Application Data\Skype
2009-01-11 23:05 --------- d-----w c:\documents and settings\Jan\Application Data\Metacafe
2009-01-11 23:05 --------- d-----w c:\documents and settings\All Users\Application Data\Metacafe
2009-01-11 18:31 --------- d-----w c:\documents and settings\Jan\Application Data\skypePM
2009-01-11 13:22 --------- d-----w c:\program files\a-squared Free
2009-01-11 03:19 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-08 15:54 --------- d-----w c:\program files\LNM Client
2009-01-06 23:29 --------- d-----w c:\program files\Windows Live Safety Center
2009-01-06 23:06 --------- d-----w c:\program files\Avant Browser
2009-01-04 17:41 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 17:41 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-02 19:00 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-26 11:35 --------- d-----w c:\program files\Java
2008-12-21 22:57 --------- d-----w c:\documents and settings\Jan\Application Data\LimeWire
2008-12-03 03:00 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-12-02 12:10 278,927,592 ----a-w C:\WindowsXP-KB835935-SP2-ENU.exe
2008-11-30 17:06 --------- d-----w c:\documents and settings\Jan\Application Data\PowerChallenge
2008-11-21 22:14 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-15 23:13 --------- d-----w c:\program files\FlipChip Calculator 1.4
2008-11-11 08:48 149,286,272 ----a-w C:\OOo_3.0.0_Win32Intel_install_wJRE_en-US.exe
2008-03-08 10:04 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-01-13 19:52 669 ----a-w c:\program files\3D Flash Animator 4.8.html
2006-01-23 08:32 131,072 ----a-w c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 08:48 133,920 ----a-w c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2008-09-22 19:23 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-10-11 08:04 61,036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 48,742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 29,313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 41,082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 166,510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-09-07 14:12 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090720080 908\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-11_ 4.10.57.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-02-15 17:01:04 1,476,992 ------w c:\windows\system32\LegitCheckControl.dll
+ 2008-03-20 17:06:36 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.DLL
+ 2009-01-12 06:34:00 16,384 ----atw c:\windows\temp\Perflib_Perfdata_3fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2006-11-30 4662776]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Jan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-22 7557120]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-05-16 102400]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"MMReminderService"="c:\program files\Mindjet\MindManager 6\MMReminderService.exe" [2006-06-22 31232]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 222208]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"RetroExpress"="c:\progra~1\RETROS~1\RETROS~1.0\RetroExpress.exe" [2007-01-18 9371648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-19 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"nwiz"="nwiz.exe" [2006-03-22 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-03-22 c:\windows\system32\nvhotkey.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
c:\documents and settings\Jan\Start Menu\Programs\Startup\
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-06-29 145736]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Snelle start.lnk - c:\windows\Installer\{AC76BA86-1030-D700-7760-000000000002}\SC_Acrobat.exe [2006-09-30 25214]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-09-23 24576]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-01-30 192512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-06-29 145736]
Start the communication Gateway.lnk - c:\windows\system32\Gateway.exe [2007-12-11 426041]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-10-31 122880]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Retrospect\\Retrospect Express HD 2.0\\Retrospect.exe"=
"c:\\Program Files\\Retrospect\\Retrospect Express HD 2.0\\retrorun.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
"443:TCP"= 443:TCP:ooVoo TCP port 443
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-26 97928]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 81688]
R4 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2004-08-11 14336]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-26 231704]
R4 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S1 59a7c98;59a7c98;c:\windows\system32\drivers\59a7c9 8.sys --> c:\windows\system32\drivers\59a7c98.sys [?]
S3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [2007-09-21 1240576]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2006-09-23 29744]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2006-10-08 31872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{b6936256-5970-11dc-ad2e-0016419dd57a}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
.
Contents of the 'Scheduled Tasks' folder
2009-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1345003609-3331660833-1675125383-1005.job
- c:\documents and settings\Jan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 22:08]
2009-01-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
2009-01-11 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe [2009-01-05 18:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Search
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Koppelingdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingdoel converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Selectie converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
c:\windows\Downloaded Program Files\PowerLoader.dll - O16 -: {4BFD075D-C36E-4F28-BB0A-5D472795197A}
hxxp://powersoccer.spel.nl/applet/PowerLoader.cab
c:\windows\Downloaded Program Files\PowerLoader.inf
c:\windows\system32\gcl.dll - c:\windows\Downloaded Program Files\WebDvr.ocx
O16 -: {68B93863-D5DF-4854-8B65-9A12995D80AD}
file:///C:/BackUp%202006-09-30/Documents/Personal%20secure/Wim/Pelco/webdvr.cab
c:\windows\Downloaded Program Files\wc.inf
c:\windows\Downloaded Program Files\nvEncoderMedia.dll - O16 -: {B91012E3-3DC4-442B-B5C7-35BF3857D215}
hxxp://194.78.150.228/nvEncoderMedia.dll
c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game05.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf
c:\windows\Downloaded Program Files\AgentInstaller.dll - O16 -: {C9A703E2-3145-11D8-813C-005022E14DE2}
hxxp://suvorov.lnm.eu/lnm.eu/client/LNMClientInstaller.cab
c:\windows\Downloaded Program Files\nvEPLMedia.ocx - O16 -: {DB7ACFA2-9634-4C98-BC9D-FB9416153022}
hxxp://194.78.150.228:81/nvEPLMedia.ocx
c:\windows\system32\gtdownde_110.ocx - O16 -: {E856B973-45FD-4559-8F82-EAB539144667}
hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
c:\windows\Downloaded Program Files\gtdownde_110.inf
FF - ProfilePath -
.
************************************************** ************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 07:42:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders \È* 6*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Appl ication Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1288)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\scardsvr.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Wave Systems Corp\common\DataServer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\program files\NetLimiter 2 Monitor\nlsvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\RETROS~1\RETROS~1.0\retrorun.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\NetLimiter 2 Monitor\NLClient.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\UltimateZip 2007\uzqkst.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\windows\system32\HPZipm12.exe
.
************************************************** ************************
.
Completion time: 2009-01-12 7:51:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-12 06:49:51
ComboFix2.txt 2009-01-11 03:13:38
Pre-Run: 11,162,456,064 bytes free
Post-Run: 9,108,848,640 bytes free
319 --- E O F --- 2008-12-18 02:00:34


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:07 AM, on 1/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\WINDOWS\system32\Gateway.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\UltimateZip 2007\uzqkst.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923 (http://www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923)
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2060923
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe /h
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Startup: OpenOffice.org 2.0 .lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2007\uzqkst.exe
O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Start the communication Gateway.lnk = C:\WINDOWS\system32\Gateway.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://powersoccer.spel.nl/applet/PowerLoader.cab
O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {68B93863-D5DF-4854-8B65-9A12995D80AD} (WebDVR Control) - file:///C:/BackUp%202006-09-30/Documents/Personal%20secure/Wim/Pelco/webdvr.cab
O16 - DPF: {B91012E3-3DC4-442B-B5C7-35BF3857D215} (Encoder Media Control) - http://194.78.150.228/nvEncoderMedia.dll
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} (Installer Class) - http://suvorov.lnm.eu/lnm.eu/client/LNMClientInstaller.cab
O16 - DPF: {DB7ACFA2-9634-4C98-BC9D-FB9416153022} (nvEPLMedia Control) - http://194.78.150.228:81/nvEPLMedia.ocx
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 18231 bytes


Is de laptop nu virusvrij? Of zijn er nog verdachte zaken te vinden?

persoonlijk vind ik deze zaken verdacht zat.
C:\mature-lady-4.mpg
C:\chubby_milf_05.mpg

en die andere die in dat rijtje staan. Ik heb ook het vermoeden dat je infectie van die pagina' s vandaan komt.