Ga naar inhoud

Er komt steeds een waarschuwing van spyware op en mijn configuratiescherm is weg?


Gast heethoofdje
 Delen

Aanbevolen berichten

Gast heethoofdje

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-02 11:55:40

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b6b5aeb48]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000b6b5aeb48]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID]

"\30 A?E?2?A?E?D?8?F?-?5?6?9?5?-?4?a?6?d?-?9?7?0?9?-?1?4?E?5?1?C?D?1?7?B?1?C?'?"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

"TracesProcessed"=dword:0000004e

scanning hidden files ...

C:\WINDOWS\ddubbv.exe 383488 bytes executable

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\bridgesboy_99@hotmail.com\SharingMetadata\sevenofnine10@hotmail.com\DFSR\Staging\CS{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}\01\12-{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}-v1-{8C57E19A-3081-48F0-8E9D-99CE0E07F332}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\bridgesboy_99@hotmail.com\SharingMetadata\sevenofnine10@hotmail.com\DFSR\Staging\CS{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}\13\237-{8C57E19A-3081-48F0-8E9D-99CE0E07F332}-v13-{BD63CDCC-9023-4669-83B5-8C2E6FC62538}-v237-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 11172 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\bridgesboy_99@hotmail.com\SharingMetadata\sevenofnine10@hotmail.com\DFSR\Staging\CS{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}\13\237-{8C57E19A-3081-48F0-8E9D-99CE0E07F332}-v13-{BD63CDCC-9023-4669-83B5-8C2E6FC62538}-v237-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1304 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\bridgesboy_99@hotmail.com\SharingMetadata\sevenofnine10@hotmail.com\DFSR\Staging\CS{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}\15\15-{8C57E19A-3081-48F0-8E9D-99CE0E07F332}-v15-{8C57E19A-3081-48F0-8E9D-99CE0E07F332}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 11172 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\bridgesboy_99@hotmail.com\SharingMetadata\sevenofnine10@hotmail.com\DFSR\Staging\CS{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}\15\15-{8C57E19A-3081-48F0-8E9D-99CE0E07F332}-v15-{8C57E19A-3081-48F0-8E9D-99CE0E07F332}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1304 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\bridgesboy_99@hotmail.com\SharingMetadata\sevenofnine10@hotmail.com\DFSR\Staging\CS{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}\34\234-{BD63CDCC-9023-4669-83B5-8C2E6FC62538}-v234-{BD63CDCC-9023-4669-83B5-8C2E6FC62538}-v234-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 328 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\bridgesboy_99@hotmail.com\SharingMetadata\sevenofnine10@hotmail.com\DFSR\Staging\CS{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}\39\239-{BD63CDCC-9023-4669-83B5-8C2E6FC62538}-v239-{BD63CDCC-9023-4669-83B5-8C2E6FC62538}-v239-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 678414 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\bridgesboy_99@hotmail.com\SharingMetadata\sevenofnine10@hotmail.com\DFSR\Staging\CS{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}\39\239-{BD63CDCC-9023-4669-83B5-8C2E6FC62538}-v239-{BD63CDCC-9023-4669-83B5-8C2E6FC62538}-v239-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 20568 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\01\10-{C3F71F9A-C466-091A-F966-BC4104ADF69D}-v1-{CBCF9574-80E6-415F-8157-3406DB02160A}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\12\12-{CBCF9574-80E6-415F-8157-3406DB02160A}-v12-{CBCF9574-80E6-415F-8157-3406DB02160A}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 3036 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\12\12-{CBCF9574-80E6-415F-8157-3406DB02160A}-v12-{CBCF9574-80E6-415F-8157-3406DB02160A}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 344 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\13\18-{CBCF9574-80E6-415F-8157-3406DB02160A}-v13-{CBCF9574-80E6-415F-8157-3406DB02160A}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1794 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\13\18-{CBCF9574-80E6-415F-8157-3406DB02160A}-v13-{CBCF9574-80E6-415F-8157-3406DB02160A}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 192 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\13\22-{46804E9E-8B14-42C3-87FA-81B19DEE3689}-v13-{CBCF9574-80E6-415F-8157-3406DB02160A}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 30270 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\13\22-{46804E9E-8B14-42C3-87FA-81B19DEE3689}-v13-{CBCF9574-80E6-415F-8157-3406DB02160A}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 2262 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\13\22-{46804E9E-8B14-42C3-87FA-81B19DEE3689}-v13-{CBCF9574-80E6-415F-8157-3406DB02160A}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3368 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\15\20-{CBCF9574-80E6-415F-8157-3406DB02160A}-v15-{CBCF9574-80E6-415F-8157-3406DB02160A}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 16212 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\15\20-{CBCF9574-80E6-415F-8157-3406DB02160A}-v15-{CBCF9574-80E6-415F-8157-3406DB02160A}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1848 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\21\21-{CBCF9574-80E6-415F-8157-3406DB02160A}-v21-{CBCF9574-80E6-415F-8157-3406DB02160A}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 2568 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\21\21-{CBCF9574-80E6-415F-8157-3406DB02160A}-v21-{CBCF9574-80E6-415F-8157-3406DB02160A}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 304 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\De_koeyer86@hotmail.com\SharingMetadata\rsca-dieter@hotmail.com\DFSR\Staging\CS{9102FA29-800C-04A7-5763-036A24B73970}\01\10-{9102FA29-800C-04A7-5763-036A24B73970}-v1-{6D0BBA40-D917-49B3-B854-6E2A747D5F55}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\michael.cracky@hotmail.com\SharingMetadata\dany.primo@hotmail.com\DFSR\Staging\CS{68EF69BD-8A8B-E4E9-8744-A6873A425AC9}\01\18-{68EF69BD-8A8B-E4E9-8744-A6873A425AC9}-v1-{708F6EE8-C0E9-4675-ABE8-BC5D24481E7C}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\michael.cracky@hotmail.com\SharingMetadata\dany.primo@hotmail.com\DFSR\Staging\CS{68EF69BD-8A8B-E4E9-8744-A6873A425AC9}\12\12-{3F5795E5-B627-412D-8CD8-748A90599090}-v12-{3F5795E5-B627-412D-8CD8-748A90599090}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5960 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\michael.cracky@hotmail.com\SharingMetadata\dany.primo@hotmail.com\DFSR\Staging\CS{68EF69BD-8A8B-E4E9-8744-A6873A425AC9}\13\13-{3F5795E5-B627-412D-8CD8-748A90599090}-v13-{3F5795E5-B627-412D-8CD8-748A90599090}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1664 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\michael.cracky@hotmail.com\SharingMetadata\dany.primo@hotmail.com\DFSR\Staging\CS{68EF69BD-8A8B-E4E9-8744-A6873A425AC9}\20\20-{3F5795E5-B627-412D-8CD8-748A90599090}-v20-{3F5795E5-B627-412D-8CD8-748A90599090}-v20-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1592 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\vivi.mie@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{EC3D160C-5374-ACC6-825D-414370515518}\01\10-{EC3D160C-5374-ACC6-825D-414370515518}-v1-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\vivi.mie@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{EC3D160C-5374-ACC6-825D-414370515518}\11\16-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v11-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 16032 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\vivi.mie@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{EC3D160C-5374-ACC6-825D-414370515518}\11\16-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v11-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1824 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\vivi.mie@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{EC3D160C-5374-ACC6-825D-414370515518}\12\14-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v12-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10092 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\vivi.mie@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{EC3D160C-5374-ACC6-825D-414370515518}\12\14-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v12-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1088 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\vivi.mie@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{EC3D160C-5374-ACC6-825D-414370515518}\16\17-{46804E9E-8B14-42C3-87FA-81B19DEE3689}-v16-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9588 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\vivi.mie@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{EC3D160C-5374-ACC6-825D-414370515518}\16\17-{46804E9E-8B14-42C3-87FA-81B19DEE3689}-v16-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1064 bytes hidden from API

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 33

file zipped: C:\Documents and Settings\Danny\Mijn documenten\Y\SDFix\Report.txt -> catchme.zip -> Report.txt ( 32717 bytes )

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-02 11:55:40

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b6b5aeb48]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000b6b5aeb48]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID]

"\30 A?E?2?A?E?D?8?F?-?5?6?9?5?-?4?a?6?d?-?9?7?0?9?-?1?4?E?5?1?C?D?1?7?B?1?C?'?"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

"TracesProcessed"=dword:0000004e

scanning hidden files ...

C:\WINDOWS\ddubbv.exe 383488 bytes executable

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\bridgesboy_99@hotmail.com\SharingMetadata\sevenofnine10@hotmail.com\DFSR\Staging\CS{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}\01\12-{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}-v1-{8C57E19A-3081-48F0-8E9D-99CE0E07F332}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\bridgesboy_99@hotmail.com\SharingMetadata\sevenofnine10@hotmail.com\DFSR\Staging\CS{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}\13\237-{8C57E19A-3081-48F0-8E9D-99CE0E07F332}-v13-{BD63CDCC-9023-4669-83B5-8C2E6FC62538}-v237-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 11172 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\bridgesboy_99@hotmail.com\SharingMetadata\sevenofnine10@hotmail.com\DFSR\Staging\CS{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}\13\237-{8C57E19A-3081-48F0-8E9D-99CE0E07F332}-v13-{BD63CDCC-9023-4669-83B5-8C2E6FC62538}-v237-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1304 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\bridgesboy_99@hotmail.com\SharingMetadata\sevenofnine10@hotmail.com\DFSR\Staging\CS{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}\15\15-{8C57E19A-3081-48F0-8E9D-99CE0E07F332}-v15-{8C57E19A-3081-48F0-8E9D-99CE0E07F332}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 11172 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\bridgesboy_99@hotmail.com\SharingMetadata\sevenofnine10@hotmail.com\DFSR\Staging\CS{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}\15\15-{8C57E19A-3081-48F0-8E9D-99CE0E07F332}-v15-{8C57E19A-3081-48F0-8E9D-99CE0E07F332}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1304 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\bridgesboy_99@hotmail.com\SharingMetadata\sevenofnine10@hotmail.com\DFSR\Staging\CS{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}\34\234-{BD63CDCC-9023-4669-83B5-8C2E6FC62538}-v234-{BD63CDCC-9023-4669-83B5-8C2E6FC62538}-v234-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 328 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\bridgesboy_99@hotmail.com\SharingMetadata\sevenofnine10@hotmail.com\DFSR\Staging\CS{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}\39\239-{BD63CDCC-9023-4669-83B5-8C2E6FC62538}-v239-{BD63CDCC-9023-4669-83B5-8C2E6FC62538}-v239-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 678414 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\bridgesboy_99@hotmail.com\SharingMetadata\sevenofnine10@hotmail.com\DFSR\Staging\CS{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}\39\239-{BD63CDCC-9023-4669-83B5-8C2E6FC62538}-v239-{BD63CDCC-9023-4669-83B5-8C2E6FC62538}-v239-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 20568 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\01\10-{C3F71F9A-C466-091A-F966-BC4104ADF69D}-v1-{CBCF9574-80E6-415F-8157-3406DB02160A}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\12\12-{CBCF9574-80E6-415F-8157-3406DB02160A}-v12-{CBCF9574-80E6-415F-8157-3406DB02160A}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 3036 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\12\12-{CBCF9574-80E6-415F-8157-3406DB02160A}-v12-{CBCF9574-80E6-415F-8157-3406DB02160A}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 344 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\13\18-{CBCF9574-80E6-415F-8157-3406DB02160A}-v13-{CBCF9574-80E6-415F-8157-3406DB02160A}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1794 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\13\18-{CBCF9574-80E6-415F-8157-3406DB02160A}-v13-{CBCF9574-80E6-415F-8157-3406DB02160A}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 192 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\13\22-{46804E9E-8B14-42C3-87FA-81B19DEE3689}-v13-{CBCF9574-80E6-415F-8157-3406DB02160A}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 30270 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\13\22-{46804E9E-8B14-42C3-87FA-81B19DEE3689}-v13-{CBCF9574-80E6-415F-8157-3406DB02160A}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 2262 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\13\22-{46804E9E-8B14-42C3-87FA-81B19DEE3689}-v13-{CBCF9574-80E6-415F-8157-3406DB02160A}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3368 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\15\20-{CBCF9574-80E6-415F-8157-3406DB02160A}-v15-{CBCF9574-80E6-415F-8157-3406DB02160A}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 16212 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\15\20-{CBCF9574-80E6-415F-8157-3406DB02160A}-v15-{CBCF9574-80E6-415F-8157-3406DB02160A}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1848 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\21\21-{CBCF9574-80E6-415F-8157-3406DB02160A}-v21-{CBCF9574-80E6-415F-8157-3406DB02160A}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 2568 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\21\21-{CBCF9574-80E6-415F-8157-3406DB02160A}-v21-{CBCF9574-80E6-415F-8157-3406DB02160A}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 304 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\De_koeyer86@hotmail.com\SharingMetadata\rsca-dieter@hotmail.com\DFSR\Staging\CS{9102FA29-800C-04A7-5763-036A24B73970}\01\10-{9102FA29-800C-04A7-5763-036A24B73970}-v1-{6D0BBA40-D917-49B3-B854-6E2A747D5F55}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\michael.cracky@hotmail.com\SharingMetadata\dany.primo@hotmail.com\DFSR\Staging\CS{68EF69BD-8A8B-E4E9-8744-A6873A425AC9}\01\18-{68EF69BD-8A8B-E4E9-8744-A6873A425AC9}-v1-{708F6EE8-C0E9-4675-ABE8-BC5D24481E7C}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\michael.cracky@hotmail.com\SharingMetadata\dany.primo@hotmail.com\DFSR\Staging\CS{68EF69BD-8A8B-E4E9-8744-A6873A425AC9}\12\12-{3F5795E5-B627-412D-8CD8-748A90599090}-v12-{3F5795E5-B627-412D-8CD8-748A90599090}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5960 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\michael.cracky@hotmail.com\SharingMetadata\dany.primo@hotmail.com\DFSR\Staging\CS{68EF69BD-8A8B-E4E9-8744-A6873A425AC9}\13\13-{3F5795E5-B627-412D-8CD8-748A90599090}-v13-{3F5795E5-B627-412D-8CD8-748A90599090}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1664 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\michael.cracky@hotmail.com\SharingMetadata\dany.primo@hotmail.com\DFSR\Staging\CS{68EF69BD-8A8B-E4E9-8744-A6873A425AC9}\20\20-{3F5795E5-B627-412D-8CD8-748A90599090}-v20-{3F5795E5-B627-412D-8CD8-748A90599090}-v20-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1592 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\vivi.mie@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{EC3D160C-5374-ACC6-825D-414370515518}\01\10-{EC3D160C-5374-ACC6-825D-414370515518}-v1-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\vivi.mie@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{EC3D160C-5374-ACC6-825D-414370515518}\11\16-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v11-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 16032 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\vivi.mie@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{EC3D160C-5374-ACC6-825D-414370515518}\11\16-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v11-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1824 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\vivi.mie@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{EC3D160C-5374-ACC6-825D-414370515518}\12\14-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v12-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10092 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\vivi.mie@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{EC3D160C-5374-ACC6-825D-414370515518}\12\14-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v12-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1088 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\vivi.mie@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{EC3D160C-5374-ACC6-825D-414370515518}\16\17-{46804E9E-8B14-42C3-87FA-81B19DEE3689}-v16-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9588 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\vivi.mie@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{EC3D160C-5374-ACC6-825D-414370515518}\16\17-{46804E9E-8B14-42C3-87FA-81B19DEE3689}-v16-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1064 bytes hidden from API

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 33

file zipped: C:\Documents and Settings\Danny\Mijn documenten\Y\SDFix\Report.txt -> catchme.zip -> Report.txt ( 32717 bytes )

SDFix: Version 1.116

Run by Danny on zo 02/12/2007 at 11:41

Microsoft Windows XP [versie 5.1.2600]

Running From: C:\DOCUME~1\Danny\MIJNDO~1\Y\SDFix

Safe Mode:

Checking Services:

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting...

Normal Mode:

Checking Files:

No Trojan Files Found

Removing Temp Files...

ADS Check:

C:\WINDOWS

No streams found.

C:\WINDOWS\system32

No streams found.

C:\WINDOWS\system32\svchost.exe

No streams found.

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-02 11:55:40

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b6b5aeb48]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000b6b5aeb48]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID]

"\30 A?E?2?A?E?D?8?F?-?5?6?9?5?-?4?a?6?d?-?9?7?0?9?-?1?4?E?5?1?C?D?1?7?B?1?C?'?"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

"TracesProcessed"=dword:0000004e

scanning hidden files ...

C:\WINDOWS\ddubbv.exe 383488 bytes executable

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\bridgesboy_99@hotmail.com\SharingMetadata\sevenofnine10@hotmail.com\DFSR\Staging\CS{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}\01\12-{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}-v1-{8C57E19A-3081-48F0-8E9D-99CE0E07F332}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\bridgesboy_99@hotmail.com\SharingMetadata\sevenofnine10@hotmail.com\DFSR\Staging\CS{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}\13\237-{8C57E19A-3081-48F0-8E9D-99CE0E07F332}-v13-{BD63CDCC-9023-4669-83B5-8C2E6FC62538}-v237-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 11172 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\bridgesboy_99@hotmail.com\SharingMetadata\sevenofnine10@hotmail.com\DFSR\Staging\CS{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}\13\237-{8C57E19A-3081-48F0-8E9D-99CE0E07F332}-v13-{BD63CDCC-9023-4669-83B5-8C2E6FC62538}-v237-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1304 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\bridgesboy_99@hotmail.com\SharingMetadata\sevenofnine10@hotmail.com\DFSR\Staging\CS{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}\15\15-{8C57E19A-3081-48F0-8E9D-99CE0E07F332}-v15-{8C57E19A-3081-48F0-8E9D-99CE0E07F332}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 11172 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\bridgesboy_99@hotmail.com\SharingMetadata\sevenofnine10@hotmail.com\DFSR\Staging\CS{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}\15\15-{8C57E19A-3081-48F0-8E9D-99CE0E07F332}-v15-{8C57E19A-3081-48F0-8E9D-99CE0E07F332}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1304 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\bridgesboy_99@hotmail.com\SharingMetadata\sevenofnine10@hotmail.com\DFSR\Staging\CS{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}\34\234-{BD63CDCC-9023-4669-83B5-8C2E6FC62538}-v234-{BD63CDCC-9023-4669-83B5-8C2E6FC62538}-v234-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 328 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\bridgesboy_99@hotmail.com\SharingMetadata\sevenofnine10@hotmail.com\DFSR\Staging\CS{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}\39\239-{BD63CDCC-9023-4669-83B5-8C2E6FC62538}-v239-{BD63CDCC-9023-4669-83B5-8C2E6FC62538}-v239-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 678414 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\bridgesboy_99@hotmail.com\SharingMetadata\sevenofnine10@hotmail.com\DFSR\Staging\CS{4B79E2D5-71C0-0BD4-DB0A-6DECFB76F834}\39\239-{BD63CDCC-9023-4669-83B5-8C2E6FC62538}-v239-{BD63CDCC-9023-4669-83B5-8C2E6FC62538}-v239-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 20568 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\01\10-{C3F71F9A-C466-091A-F966-BC4104ADF69D}-v1-{CBCF9574-80E6-415F-8157-3406DB02160A}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\12\12-{CBCF9574-80E6-415F-8157-3406DB02160A}-v12-{CBCF9574-80E6-415F-8157-3406DB02160A}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 3036 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\12\12-{CBCF9574-80E6-415F-8157-3406DB02160A}-v12-{CBCF9574-80E6-415F-8157-3406DB02160A}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 344 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\13\18-{CBCF9574-80E6-415F-8157-3406DB02160A}-v13-{CBCF9574-80E6-415F-8157-3406DB02160A}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1794 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\13\18-{CBCF9574-80E6-415F-8157-3406DB02160A}-v13-{CBCF9574-80E6-415F-8157-3406DB02160A}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 192 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\13\22-{46804E9E-8B14-42C3-87FA-81B19DEE3689}-v13-{CBCF9574-80E6-415F-8157-3406DB02160A}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 30270 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\13\22-{46804E9E-8B14-42C3-87FA-81B19DEE3689}-v13-{CBCF9574-80E6-415F-8157-3406DB02160A}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 2262 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\13\22-{46804E9E-8B14-42C3-87FA-81B19DEE3689}-v13-{CBCF9574-80E6-415F-8157-3406DB02160A}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3368 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\15\20-{CBCF9574-80E6-415F-8157-3406DB02160A}-v15-{CBCF9574-80E6-415F-8157-3406DB02160A}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 16212 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\15\20-{CBCF9574-80E6-415F-8157-3406DB02160A}-v15-{CBCF9574-80E6-415F-8157-3406DB02160A}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1848 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\21\21-{CBCF9574-80E6-415F-8157-3406DB02160A}-v21-{CBCF9574-80E6-415F-8157-3406DB02160A}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 2568 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\dany.primo@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{C3F71F9A-C466-091A-F966-BC4104ADF69D}\21\21-{CBCF9574-80E6-415F-8157-3406DB02160A}-v21-{CBCF9574-80E6-415F-8157-3406DB02160A}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 304 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\De_koeyer86@hotmail.com\SharingMetadata\rsca-dieter@hotmail.com\DFSR\Staging\CS{9102FA29-800C-04A7-5763-036A24B73970}\01\10-{9102FA29-800C-04A7-5763-036A24B73970}-v1-{6D0BBA40-D917-49B3-B854-6E2A747D5F55}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\michael.cracky@hotmail.com\SharingMetadata\dany.primo@hotmail.com\DFSR\Staging\CS{68EF69BD-8A8B-E4E9-8744-A6873A425AC9}\01\18-{68EF69BD-8A8B-E4E9-8744-A6873A425AC9}-v1-{708F6EE8-C0E9-4675-ABE8-BC5D24481E7C}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\michael.cracky@hotmail.com\SharingMetadata\dany.primo@hotmail.com\DFSR\Staging\CS{68EF69BD-8A8B-E4E9-8744-A6873A425AC9}\12\12-{3F5795E5-B627-412D-8CD8-748A90599090}-v12-{3F5795E5-B627-412D-8CD8-748A90599090}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5960 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\michael.cracky@hotmail.com\SharingMetadata\dany.primo@hotmail.com\DFSR\Staging\CS{68EF69BD-8A8B-E4E9-8744-A6873A425AC9}\13\13-{3F5795E5-B627-412D-8CD8-748A90599090}-v13-{3F5795E5-B627-412D-8CD8-748A90599090}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1664 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\michael.cracky@hotmail.com\SharingMetadata\dany.primo@hotmail.com\DFSR\Staging\CS{68EF69BD-8A8B-E4E9-8744-A6873A425AC9}\20\20-{3F5795E5-B627-412D-8CD8-748A90599090}-v20-{3F5795E5-B627-412D-8CD8-748A90599090}-v20-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1592 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\vivi.mie@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{EC3D160C-5374-ACC6-825D-414370515518}\01\10-{EC3D160C-5374-ACC6-825D-414370515518}-v1-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\vivi.mie@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{EC3D160C-5374-ACC6-825D-414370515518}\11\16-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v11-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 16032 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\vivi.mie@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{EC3D160C-5374-ACC6-825D-414370515518}\11\16-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v11-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1824 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\vivi.mie@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{EC3D160C-5374-ACC6-825D-414370515518}\12\14-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v12-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 10092 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\vivi.mie@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{EC3D160C-5374-ACC6-825D-414370515518}\12\14-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v12-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1088 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\vivi.mie@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{EC3D160C-5374-ACC6-825D-414370515518}\16\17-{46804E9E-8B14-42C3-87FA-81B19DEE3689}-v16-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9588 bytes hidden from API

C:\Documents and Settings\Danny\Local Settings\Application Data\Microsoft\Messenger\vivi.mie@hotmail.com\SharingMetadata\neetje1948@hotmail.com\DFSR\Staging\CS{EC3D160C-5374-ACC6-825D-414370515518}\16\17-{46804E9E-8B14-42C3-87FA-81B19DEE3689}-v16-{348C244C-590E-47EF-81EA-2B0A6B1ED796}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1064 bytes hidden from API

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 33

Remaining Services:

------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"="C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE:*:Enabled:ActiveSync Connection Manager"

"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\winks\\Guitar Smash\\install.exe"="C:\\winks\\Guitar Smash\\install.exe:*:Enabled:install"

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"

"C:\\winks\\Skaterfun\\install.exe"="C:\\winks\\Skaterfun\\install.exe:*:Enabled:install"

"C:\\winks\\Sleepy Soldier\\install.exe"="C:\\winks\\Sleepy Soldier\\install.exe:*:Enabled:install"

"C:\\winks\\Sloppy One - 7up\\install.exe"="C:\\winks\\Sloppy One - 7up\\install.exe:*:Enabled:install"

"C:\\winks\\Smile\\install.exe"="C:\\winks\\Smile\\install.exe:*:Enabled:install"

"C:\\winks\\Hyper Crazy\\install.exe"="C:\\winks\\Hyper Crazy\\install.exe:*:Enabled:install"

"C:\\winks\\Madador\\install.exe"="C:\\winks\\Madador\\install.exe:*:Enabled:install"

"C:\\winks\\Lunch\\install.exe"="C:\\winks\\Lunch\\install.exe:*:Enabled:install"

"C:\\winks\\Peace Cat\\install.exe"="C:\\winks\\Peace Cat\\install.exe:*:Enabled:install"

"C:\\winks\\Miss You Smily\\install.exe"="C:\\winks\\Miss You Smily\\install.exe:*:Enabled:install"

"C:\\winks\\Peace Out\\install.exe"="C:\\winks\\Peace Out\\install.exe:*:Enabled:install"

"C:\\winks\\Moon - Jap\\install.exe"="C:\\winks\\Moon - Jap\\install.exe:*:Enabled:install"

"C:\\winks\\Nyeah Nyeah\\install.exe"="C:\\winks\\Nyeah Nyeah\\install.exe:*:Enabled:install"

"C:\\winks\\Morning After\\install.exe"="C:\\winks\\Morning After\\install.exe:*:Enabled:install"

"C:\\winks\\On The Run\\install.exe"="C:\\winks\\On The Run\\install.exe:*:Enabled:install"

"C:\\winks\\Peace Out 2\\install.exe"="C:\\winks\\Peace Out 2\\install.exe:*:Enabled:install"

"C:\\winks\\Middle Finger\\install.exe"="C:\\winks\\Middle Finger\\install.exe:*:Enabled:install"

"C:\\winks\\Jap - Bunny Tail Falls off\\install.exe"="C:\\winks\\Jap - Bunny Tail Falls off\\install.exe:*:Enabled:install"

"C:\\winks\\Screen Punch Hand\\install.exe"="C:\\winks\\Screen Punch Hand\\install.exe:*:Enabled:install"

"C:\\winks\\Say What\\install.exe"="C:\\winks\\Say What\\install.exe:*:Enabled:install"

"C:\\winks\\Rock On\\install.exe"="C:\\winks\\Rock On\\install.exe:*:Enabled:install"

"C:\\winks\\Scream\\install.exe"="C:\\winks\\Scream\\install.exe:*:Enabled:install"

"C:\\winks\\Plane Drop Off\\install.exe"="C:\\winks\\Plane Drop Off\\install.exe:*:Enabled:install"

"C:\\winks\\Sad Puppy\\install.exe"="C:\\winks\\Sad Puppy\\install.exe:*:Enabled:install"

"C:\\winks\\Sad Penguin\\install.exe"="C:\\winks\\Sad Penguin\\install.exe:*:Enabled:install"

"C:\\winks\\Rainy Day\\install.exe"="C:\\winks\\Rainy Day\\install.exe:*:Enabled:install"

"C:\\winks\\Santa Moons\\install.exe"="C:\\winks\\Santa Moons\\install.exe:*:Enabled:install"

"C:\\winks\\Screen Kiss\\install.exe"="C:\\winks\\Screen Kiss\\install.exe:*:Enabled:install"

"C:\\winks\\ScareCrow I Miss You\\install.exe"="C:\\winks\\ScareCrow I Miss You\\install.exe:*:Enabled:install"

"C:\\winks\\Screamer\\install.exe"="C:\\winks\\Screamer\\install.exe:*:Enabled:install"

"C:\\winks\\Laugh\\install.exe"="C:\\winks\\Laugh\\install.exe:*:Enabled:install"

"C:\\winks\\Screen Punch\\install.exe"="C:\\winks\\Screen Punch\\install.exe:*:Enabled:install"

"C:\\winks\\Late Night\\install.exe"="C:\\winks\\Late Night\\install.exe:*:Enabled:install"

"C:\\winks\\Kubuki Dance\\install.exe"="C:\\winks\\Kubuki Dance\\install.exe:*:Enabled:install"

"C:\\winks\\KooKoo Clock\\install.exe"="C:\\winks\\KooKoo Clock\\install.exe:*:Enabled:install"

"C:\\winks\\Kiss My Butt\\install.exe"="C:\\winks\\Kiss My Butt\\install.exe:*:Enabled:install"

"C:\\winks\\Jap - Worried - Sweat\\install.exe"="C:\\winks\\Jap - Worried - Sweat\\install.exe:*:Enabled:install"

"C:\\winks\\Jap - Marching People\\install.exe"="C:\\winks\\Jap - Marching People\\install.exe:*:Enabled:install"

"C:\\winks\\Jap What Food\\install.exe"="C:\\winks\\Jap What Food\\install.exe:*:Enabled:install"

"C:\\winks\\Jap - Popper\\install.exe"="C:\\winks\\Jap - Popper\\install.exe:*:Enabled:install"

"C:\\winks\\Jap - Guy Gets Knocked Over\\install.exe"="C:\\winks\\Jap - Guy Gets Knocked Over\\install.exe:*:Enabled:install"

"C:\\winks\\KooKoo Splat\\install.exe"="C:\\winks\\KooKoo Splat\\install.exe:*:Enabled:install"

"C:\\winks\\Hot Date\\install.exe"="C:\\winks\\Hot Date\\install.exe:*:Enabled:install"

"C:\\winks\\Hello Wink\\install.exe"="C:\\winks\\Hello Wink\\install.exe:*:Enabled:install"

"C:\\winks\\Heart On\\install.exe"="C:\\winks\\Heart On\\install.exe:*:Enabled:install"

"C:\\winks\\Jack In The Box\\install.exe"="C:\\winks\\Jack In The Box\\install.exe:*:Enabled:install"

"C:\\winks\\Is This On\\install.exe"="C:\\winks\\Is This On\\install.exe:*:Enabled:install"

"C:\\winks\\I Hear Ya\\install.exe"="C:\\winks\\I Hear Ya\\install.exe:*:Enabled:install"

"C:\\winks\\I Give Up\\install.exe"="C:\\winks\\I Give Up\\install.exe:*:Enabled:install"

"C:\\winks\\I am Waiting\\install.exe"="C:\\winks\\I am Waiting\\install.exe:*:Enabled:install"

"C:\\winks\\Horny Girl\\install.exe"="C:\\winks\\Horny Girl\\install.exe:*:Enabled:install"

"C:\\winks\\Holiday Cheer\\install.exe"="C:\\winks\\Holiday Cheer\\install.exe:*:Enabled:install"

"C:\\winks\\Hippo Pic\\install.exe"="C:\\winks\\Hippo Pic\\install.exe:*:Enabled:install"

"C:\\winks\\Head Spinning\\install.exe"="C:\\winks\\Head Spinning\\install.exe:*:Enabled:install"

"C:\\winks\\Heart and Key\\install.exe"="C:\\winks\\Heart and Key\\install.exe:*:Enabled:install"

"C:\\winks\\Hasta Lavista Baby\\install.exe"="C:\\winks\\Hasta Lavista Baby\\install.exe:*:Enabled:install"

"C:\\winks\\Happy Dancer\\install.exe"="C:\\winks\\Happy Dancer\\install.exe:*:Enabled:install"

"C:\\winks\\Happy Dance\\install.exe"="C:\\winks\\Happy Dance\\install.exe:*:Enabled:install"

"C:\\winks\\Happy Balloon\\install.exe"="C:\\winks\\Happy Balloon\\install.exe:*:Enabled:install"

"C:\\Meewinks\\MeeWinks18\\install.exe"="C:\\Meewinks\\MeeWinks18\\install.exe:*:Enabled:install"

"C:\\Meewinks\\MeeWinks16\\install.exe"="C:\\Meewinks\\MeeWinks16\\install.exe:*:Enabled:install"

"C:\\winks\\Hang Loose\\install.exe"="C:\\winks\\Hang Loose\\install.exe:*:Enabled:install"

"C:\\winks\\Going Psycho\\install.exe"="C:\\winks\\Going Psycho\\install.exe:*:Enabled:install"

"C:\\winks\\Go Away\\install.exe"="C:\\winks\\Go Away\\install.exe:*:Enabled:install"

"C:\\winks\\Girl Kiss Heart\\install.exe"="C:\\winks\\Girl Kiss Heart\\install.exe:*:Enabled:install"

"C:\\winks\\Friendly Wave\\install.exe"="C:\\winks\\Friendly Wave\\install.exe:*:Enabled:install"

"C:\\winks\\Foot In Mouth\\install.exe"="C:\\winks\\Foot In Mouth\\install.exe:*:Enabled:install"

"C:\\winks\\Flower Grows\\install.exe"="C:\\winks\\Flower Grows\\install.exe:*:Enabled:install"

"C:\\winks\\Flower Fart\\install.exe"="C:\\winks\\Flower Fart\\install.exe:*:Enabled:install"

"C:\\winks\\Falling Hearts\\install.exe"="C:\\winks\\Falling Hearts\\install.exe:*:Enabled:install"

"C:\\winks\\Flirty Wink\\install.exe"="C:\\winks\\Flirty Wink\\install.exe:*:Enabled:install"

"C:\\winks\\Fart Guy\\install.exe"="C:\\winks\\Fart Guy\\install.exe:*:Enabled:install"

"C:\\winks\\Exploding Head\\install.exe"="C:\\winks\\Exploding Head\\install.exe:*:Enabled:install"

"C:\\winks\\Excited\\install.exe"="C:\\winks\\Excited\\install.exe:*:Enabled:install"

"C:\\winks\\Evil Laugh\\install.exe"="C:\\winks\\Evil Laugh\\install.exe:*:Enabled:install"

"C:\\winks\\Dog Flying\\install.exe"="C:\\winks\\Dog Flying\\install.exe:*:Enabled:install"

"C:\\winks\\Dominatrix\\install.exe"="C:\\winks\\Dominatrix\\install.exe:*:Enabled:install"

"C:\\winks\\Empty Head\\install.exe"="C:\\winks\\Empty Head\\install.exe:*:Enabled:install"

"C:\\winks\\Dart Board\\install.exe"="C:\\winks\\Dart Board\\install.exe:*:Enabled:install"

"C:\\winks\\Drinking Beer\\install.exe"="C:\\winks\\Drinking Beer\\install.exe:*:Enabled:install"

"C:\\winks\\Dark Girl\\install.exe"="C:\\winks\\Dark Girl\\install.exe:*:Enabled:install"

"C:\\winks\\Cry Baby\\install.exe"="C:\\winks\\Cry Baby\\install.exe:*:Enabled:install"

"C:\\winks\\Dancing Guy\\install.exe"="C:\\winks\\Dancing Guy\\install.exe:*:Enabled:install"

"C:\\winks\\Crying Dog\\install.exe"="C:\\winks\\Crying Dog\\install.exe:*:Enabled:install"

"C:\\winks\\Cat Laugh\\install.exe"="C:\\winks\\Cat Laugh\\install.exe:*:Enabled:install"

"C:\\winks\\Terrified\\install.exe"="C:\\winks\\Terrified\\install.exe:*:Enabled:install"

"C:\\winks\\Call Me\\install.exe"="C:\\winks\\Call Me\\install.exe:*:Enabled:install"

"C:\\winks\\Thumbs Up\\install.exe"="C:\\winks\\Thumbs Up\\install.exe:*:Enabled:install"

"C:\\winks\\Smily Rolling Around\\install.exe"="C:\\winks\\Smily Rolling Around\\install.exe:*:Enabled:install"

"C:\\winks\\Smiley Faces\\install.exe"="C:\\winks\\Smiley Faces\\install.exe:*:Enabled:install"

"C:\\winks\\Smoke\\install.exe"="C:\\winks\\Smoke\\install.exe:*:Enabled:install"

"C:\\winks\\Soccor Misses\\install.exe"="C:\\winks\\Soccor Misses\\install.exe:*:Enabled:install"

"C:\\winks\\Tag your it\\install.exe"="C:\\winks\\Tag your it\\install.exe:*:Enabled:install"

"C:\\winks\\Tech Support\\install.exe"="C:\\winks\\Tech Support\\install.exe:*:Enabled:install"

"C:\\winks\\Taxi SpaceShip\\install.exe"="C:\\winks\\Taxi SpaceShip\\install.exe:*:Enabled:install"

"C:\\winks\\Times Up\\install.exe"="C:\\winks\\Times Up\\install.exe:*:Enabled:install"

"C:\\winks\\Time To Shop\\install.exe"="C:\\winks\\Time To Shop\\install.exe:*:Enabled:install"

"C:\\winks\\Bouncy Ball\\install.exe"="C:\\winks\\Bouncy Ball\\install.exe:*:Enabled:install"

"C:\\winks\\Break Dancer\\install.exe"="C:\\winks\\Break Dancer\\install.exe:*:Enabled:install"

"C:\\winks\\Burping Bear\\install.exe"="C:\\winks\\Burping Bear\\install.exe:*:Enabled:install"

"C:\\Meewinks\\MeeWinks13\\install.exe"="C:\\Meewinks\\MeeWinks13\\install.exe:*:Enabled:install"

"C:\\winks\\BrainFart\\install.exe"="C:\\winks\\BrainFart\\install.exe:*:Enabled:install"

"C:\\Meewinks\\MeeWinks11\\install.exe"="C:\\Meewinks\\MeeWinks11\\install.exe:*:Enabled:install"

"C:\\winks\\PC Explosion\\install.exe"="C:\\winks\\PC Explosion\\install.exe:*:Enabled:install"

"C:\\winks\\Kisses For You\\install.exe"="C:\\winks\\Kisses For You\\install.exe:*:Enabled:install"

"C:\\winks\\Going Crazy\\install.exe"="C:\\winks\\Going Crazy\\install.exe:*:Enabled:install"

"C:\\mcoinstall.exe"="C:\\mcoinstall.exe:*:Enabled:mcoinstall"

"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"

"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"

"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"

"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Documents and Settings\\Danny\\Local Settings\\Temporary Internet Files\\Content.IE5\\KGE3AJHU\\incredimail_install[1].exe"="C:\\Documents and Settings\\Danny\\Local Settings\\Temporary Internet Files\\Content.IE5\\KGE3AJHU\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"

"C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"="C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer"

"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"

"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"

"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"

"C:\\Program Files\\Caplio Software\\RGateLXP.exe"="C:\\Program Files\\Caplio Software\\RGateLXP.exe:*:Enabled:RICOH Gate La for DSC"

"C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic"

"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"

"C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"

"C:\\Documents and Settings\\Danny\\Local Settings\\Temporary Internet Files\\Content.IE5\\S7B37ZZC\\incredimail_install[2].exe"="C:\\Documents and Settings\\Danny\\Local Settings\\Temporary Internet Files\\Content.IE5\\S7B37ZZC\\incredimail_install[2].exe:*:Enabled:IncrediMail Installer"

"C:\\Program Files\\Soulseek-Test\\slsk.exe"="C:\\Program Files\\Soulseek-Test\\slsk.exe:*:Enabled:SoulSeek"

"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"

"C:\\Program Files\\LimeWire Plus\\LimeWire.exe"="C:\\Program Files\\LimeWire Plus\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Program Files\\Home Cinema\\PowerCinema\\PowerCinema.exe"="C:\\Program Files\\Home Cinema\\PowerCinema\\PowerCinema.exe:*:Enabled:PowerCinema"

"C:\\Documents and Settings\\Danny\\Mijn documenten\\Sixties\\incredimail_install.exe"="C:\\Documents and Settings\\Danny\\Mijn documenten\\Sixties\\incredimail_install.exe:*:Enabled:IncrediMail Installer"

"C:\\Documents and Settings\\Danny\\Mijn documenten\\Sixties\\magentic_install.exe"="C:\\Documents and Settings\\Danny\\Mijn documenten\\Sixties\\magentic_install.exe:*:Enabled:IncrediMail Installer"

"C:\\Documents and Settings\\Danny\\Mijn documenten\\DR.exe"="C:\\Documents and Settings\\Danny\\Mijn documenten\\DR.exe:*:Enabled:IncrediMail Installer"

"C:\\Documents and Settings\\Danny\\Mijn documenten\\incredimail_install.exe"="C:\\Documents and Settings\\Danny\\Mijn documenten\\incredimail_install.exe:*:Enabled:IncrediMail Installer"

"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"="C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"

Remaining Files:

---------------

Files with Hidden Attributes:

Sat 15 Apr 2006 30 ..SHR --- "C:\WINDOWS\system32\bir_a4_{D5D9C809-BA56-4244-A43A-12BD655118A1}.dll"

Mon 18 Dec 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Tue 17 Oct 2006 304,736 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe"

Tue 17 Oct 2006 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\uinstrsc.dll"

Thu 2 Sep 2004 1,949,696 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\launcher.exe"

Thu 2 Sep 2004 53,760 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\mnyinsta.dll"

Thu 2 Sep 2004 94,208 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\RmvSuite.exe"

Thu 2 Sep 2004 35,328 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\setuplng.dll"

Thu 2 Sep 2004 20,480 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\unregwtr.exe"

Thu 4 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

Wed 8 Aug 2007 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"

Wed 8 Aug 2007 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"

Sun 2 Dec 2007 108 A..H. --- "C:\Program Files\Common Files\X10\Common\x10prod.sys"

Thu 2 Sep 2004 1,949,696 A..HR --- "C:\Program Files\Program Files\Microsoft Works Suite 2005\Setup\launcher.exe"

Thu 2 Sep 2004 53,760 A..HR --- "C:\Program Files\Program Files\Microsoft Works Suite 2005\Setup\mnyinsta.dll"

Thu 2 Sep 2004 94,208 A..HR --- "C:\Program Files\Program Files\Microsoft Works Suite 2005\Setup\RmvSuite.exe"

Thu 2 Sep 2004 35,328 A..HR --- "C:\Program Files\Program Files\Microsoft Works Suite 2005\Setup\setuplng.dll"

Thu 2 Sep 2004 20,480 A..HR --- "C:\Program Files\Program Files\Microsoft Works Suite 2005\Setup\unregwtr.exe"

Thu 20 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\20cc0088cd851a680d48cd7c937fca62\BIT4.tmp"

Mon 19 Nov 2007 2,685 A.SH. --- "C:\Documents and Settings\Danny\Application Data\Roxio\Dragon\3.x\DiscInfoCache\MATSHITA_DVD-RAM_UJ-831S_1.00_300_DICV018_DRGV300005B.TMP"

Finished!

Link naar reactie
Delen op andere sites



Aahja, een klein woordje uitleg zou wel handig zijn dan, want wat precies het probleem is, is mij toch niet echt helemaal duidelijk dan ze :s ik weet enkel dat hij veel spyware heeft en dat zijn configuratiescherm weg is..

Meer info misschien?

Link naar reactie
Delen op andere sites

 Delen

×
×
  • Nieuwe aanmaken...