| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.05.2010, 19:54
| #1 |
 |  Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! Hallo, Vorserst muss ich mich entschuldigen dass ich mein Post zuvor versehentlich im falschen Themenbereich eingestellt hatte (Hijacker / HiJackThis Logs posten). Jetzt zum eigentlichen Thema: Ich habe mir auf meinem Laptop (WinXP) Antimalware Doctor eingefangen. Mein AV gab mir zu Beginn die Mitteilung von einer Schadsoftware die ich dann gelöschte habe. Ich habe auch versucht durch Anleitung auf Trojaner-Board die Spyware zu entfernen mittels Rkill und danach Malwarebytes Anti-Malware Scan. Nachdem Neustart war auf dem Desktop die Verknüpfung weg aber das Schadprogramm ist immer noch vorhanden. Ich habe einen zweiten Scan mit mbam durchgeführt. Aber es scheint ziemlich hartnäckig zu sein. Dazu habe ich noch eine Meldung vom PC und blauer Bildschirm STOP 0x0000007A - KERNEL_DATA_INPAGE_ERROR Diese Meldung kam beim Scan mit meinem AV programm. Nach dem Neustart habe ich zusätzlich eine Warnung vom AV erhalten. TR/Agent.gyi.236032 C:\Dokumente und Einstellungen\demo\Lokale Einstellungen\Temp\Ldv.exe was ich gelöscht habe. Hier die Logs von MBAM und RSIT in der Hoffnung ich komme weiter und bekomme dieses "Ding" entfernt. Vielen Dank im voraus für die Bemühungen! Logfile of random's system information tool 1.07 (written by random/random) Run by demo at 2010-05-08 23:03:09 Microsoft Windows XP Professional Service Pack 2 System drive C: has 32 GB (55%) free of 57 GB Total RAM: 494 MB (42% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:03:36, on 08.05.2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17023) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\igfxtray.exe C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe C:\Programme\Intel\Wireless\Bin\EOUWiz.exe C:\Programme\Java\jre6\bin\jusched.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\demo\Desktop\RSIT.exe C:\Programme\trend micro\demo.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/home R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.gmx.net/tab2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://go.gmx.net/suchbox/gmxsuche?su=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: GMX Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\system32\ieconfig_1und1.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] "C:\Programme\Intel\Wireless\Bin\EOUWiz.exe" O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [M5T8QL3YW3] C:\DOKUME~1\demo\LOKALE~1\Temp\Ldx.exe O4 - HKCU\..\Run: [gotnewupdate000.exe] C:\Dokumente und Einstellungen\demo\Anwendungsdaten\651CB9580CA8C43E36E4CF3E12280F8E\gotnewupdate000.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Antimalware Doctor.lnk = C:\Dokumente und Einstellungen\demo\Anwendungsdaten\651CB9580CA8C43E36E4CF3E12280F8E\gotnewupdate000.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - hxxp://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {FDC847F8-DA70-4442-8072-FF883F34D14A} - hxxp://toolbar.dasoertliche-marketing.de/toolbar/normal/download/DasOertlicheToolbar.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = logimex.local O17 - HKLM\Software\..\Telephony: DomainName = logimex.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = logimex.local O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe -- End of file - 8940 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AC823E4A9185B08A.job C:\WINDOWS\tasks\WGASetup.job C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}] HP Print Enhancer - C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}] HP Print Clips - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx [2001-03-02 37808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2007-01-29 747048] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D48FF4B4-E68F-47D1-8E25-81A0F0EEB341}] GMX Browser Configuration by mquadr.at - C:\Windows\system32\ieconfig_1und1.dll [2009-12-01 610168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-08-11 67584] "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-07-22 88363] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-08-20 118784] "RemoteControl"=C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768] "SynTPLpr"=C:\Programme\Synaptics\SynTP\SynTPLpr.exe [2003-04-19 110592] "SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2003-04-19 610304] "IntelZeroConfig"=C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-28 667718] "IntelWireless"=C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe [2005-12-28 602182] "EOUApp"=C:\Programme\Intel\Wireless\Bin\EOUWiz.exe [2005-12-28 569413] "zzzHPSETUP"=D:\Setup.exe [] "SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-07-25 149280] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "NoIE4StubProcessing"=C:\WINDOWS\system32\reg.exe [2004-08-04 53248] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] "M5T8QL3YW3"=C:\DOKUME~1\demo\LOKALE~1\Temp\Ldx.exe [2010-05-04 162304] "gotnewupdate000.exe"=C:\Dokumente und Einstellungen\demo\Anwendungsdaten\651CB9580CA8C43E36E4CF3E12280F8E\gotnewupdate000.exe [2010-05-04 743424] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe [] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Acrobat Assistant.lnk - C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Dokumente und Einstellungen\demo\Startmenü\Programme\Autostart Antimalware Doctor.lnk - C:\Dokumente und Einstellungen\demo\Anwendungsdaten\651CB9580CA8C43E36E4CF3E12280F8E\gotnewupdate000.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 nwprovau [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=0x91000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\MSN Messenger\msncall.exe"="C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Programme\Winamp Remote\bin\Orb.exe"="C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb" "C:\Programme\Winamp Remote\bin\OrbTray.exe"="C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray" "C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe"="C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe:*  isabled:Kaspersky Anti-Virus Service""C:\Programme\BearShare\BearShare.exe"="C:\Programme\BearShare\BearShare.exe:*:Enabled:BearShare" "C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\MSN Messenger\msncall.exe"="C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe"="C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe:*:Enabled:ClipInc. Player" "C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free." "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e1f8ea0-4597-11dc-8dc2-000e35b959a8}] shell\AutoRun\command - F:\LaunchU3.exe -a ======File associations====== .scr - open - "%1" /S %* ======List of files/folders created in the last 1 months====== 2010-05-08 22:51:09 ----N---- C:\WINDOWS\system32\SETCA.tmp 2010-05-08 22:51:08 ----N---- C:\WINDOWS\system32\SETCB.tmp 2010-05-08 22:51:03 ----N---- C:\WINDOWS\system32\SETCF.tmp 2010-05-08 22:51:03 ----N---- C:\WINDOWS\system32\SETCE.tmp 2010-05-08 22:51:02 ----N---- C:\WINDOWS\system32\SETD0.tmp 2010-05-08 22:51:01 ----N---- C:\WINDOWS\system32\SETD3.tmp 2010-05-08 22:50:55 ----N---- C:\WINDOWS\system32\SETD5.tmp 2010-05-08 22:47:13 ----A---- C:\WINDOWS\imsins.BAK 2010-05-08 22:39:26 ----HDC---- C:\WINDOWS\ie8 2010-05-08 22:37:21 ----D---- C:\WINDOWS\LastGood 2010-05-08 19:15:03 ----D---- C:\Programme\trend micro 2010-05-08 19:15:00 ----D---- C:\rsit 2010-05-08 09:36:31 ----D---- C:\Dokumente und Einstellungen\demo\Anwendungsdaten\Malwarebytes 2010-05-08 09:36:09 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-05-08 09:36:08 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-05-04 19:37:40 ----A---- C:\WINDOWS\lsrslt.ini 2010-05-04 18:27:26 ----A---- C:\WINDOWS\Lvufaa.exe 2010-05-04 18:27:02 ----D---- C:\Dokumente und Einstellungen\demo\Anwendungsdaten\651CB9580CA8C43E36E4CF3E12280F8E ======List of files/folders modified in the last 1 months====== 2010-05-08 22:55:37 ----HD---- C:\WINDOWS\inf 2010-05-08 22:55:35 ----D---- C:\Windows 2010-05-08 22:55:28 ----D---- C:\WINDOWS\system32 2010-05-08 22:55:19 ----RSHD---- C:\WINDOWS\system32\dllcache 2010-05-08 22:55:19 ----D---- C:\Programme\Internet Explorer 2010-05-08 22:53:49 ----D---- C:\WINDOWS\ie8updates 2010-05-08 22:52:28 ----HD---- C:\WINDOWS\$hf_mig$ 2010-05-08 22:52:11 ----D---- C:\WINDOWS\system32\CatRoot2 2010-05-08 22:46:30 ----D---- C:\WINDOWS\system32\de-de 2010-05-08 22:45:40 ----D---- C:\WINDOWS\Media 2010-05-08 22:45:18 ----D---- C:\WINDOWS\Help 2010-05-08 22:44:24 ----D---- C:\WINDOWS\Temp 2010-05-08 22:33:04 ----D---- C:\WINDOWS\Debug 2010-05-08 22:27:52 ----D---- C:\WINDOWS\Prefetch 2010-05-08 22:21:26 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt 2010-05-08 22:20:26 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-05-08 22:20:21 ----SD---- C:\WINDOWS\Tasks 2010-05-08 19:15:03 ----RD---- C:\Programme 2010-05-08 18:54:35 ----D---- C:\WINDOWS\Minidump 2010-05-08 16:58:29 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$ 2010-05-08 16:58:29 ----D---- C:\WINDOWS\system32\drivers 2010-05-06 08:31:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-05-05 11:29:59 ----D---- C:\Dokumente und Einstellungen 2010-05-04 18:37:13 ----D---- C:\WINDOWS\system32\LogFiles 2010-05-04 18:15:21 ----D---- C:\Programme\Mozilla Firefox 2010-04-27 11:59:38 ----A---- C:\WINDOWS\NeroDigital.ini 2010-04-15 09:25:57 ----DC---- C:\WINDOWS\i386 2010-04-15 09:21:43 ----SHD---- C:\WINDOWS\Installer 2010-04-15 09:21:42 ----HD---- C:\Config.Msi 2010-04-15 09:20:39 ----A---- C:\WINDOWS\vbaddin.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40192] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-02-25 21275] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-09 56816] R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys [] R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424] R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448] R2 NwlnkNb;NWLink-NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232] R2 NwlnkSpx;NWLink SPX/SPXII-Protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936] R2 s24trans;WLAN-Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-12-28 13568] R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-07-22 1266380] R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-08-11 400384] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-08-11 626977] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800] R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-07-06 44032] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080] R3 CONAN;CONAN; C:\WINDOWS\system32\drivers\o2mmb.sys [2004-07-06 190804] R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824] R3 NSCIRDA;NSC-Infrarotgerätetreiber; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-08-04 28672] R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584] R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2003-04-19 270288] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480] R3 w29n51;Intel(R) PRO/Wireless 2200BG Netzwerkverbindungstreiber für Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-09-12 3298432] S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 ids00026;ids00026; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [] S3 ids0005c;ids0005c; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys [] S3 ids00118;ids00118; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys [] S3 ids0014f;ids0014f; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys [] S3 ids0015d;ids0015d; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Anti-Virus Personal\5.0\bases\ids0015d.sys [] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-12 41752] S3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2004-10-11 12062] S3 MbxStby;MbxStby; C:\WINDOWS\system32\drivers\MbxStby.sys [2004-07-06 5817] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 ovt530;Webcam Classic; C:\WINDOWS\System32\Drivers\ov530vid.sys [2005-03-15 161792] S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-10-12 13848] S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-10-12 1279000] S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136] S3 SONYPVU1;Sony USB-Filtertreiber (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 SQTECH905C;DB CIF Cam; C:\WINDOWS\System32\Drivers\Capt905c.sys [2006-01-26 34686] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360] S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys [] S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800] S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 w22n51;Intel(R) PRO/Wireless 2200 Adapter-Treiber für Windows XP; C:\WINDOWS\system32\DRIVERS\w22n51.sys [2004-08-30 3151232] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [2005-12-28 114753] R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-07-25 153376] R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120] R2 NWCWorkstation;Client Service für NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [2005-12-28 217164] R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [2005-12-28 540745] R2 SeaPort;SeaPort; C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 268800] S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2009-01-07 26144] S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-14 72704] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-10-24 920576] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 3930 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.11 08.05.2010 16:52:08 mbam-log-2010-05-08 (16-52-08).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 222293 Laufzeit: 2 Stunde(n), 17 Minute(n), 11 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 13 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 1 Infizierte Dateien: 12 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: c:\Windows\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: C:\Windows\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully. Infizierte Dateien: C:\Dokumente und Einstellungen\demo\Eigene Dateien\Downloads\packupdate_build106_231.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\HelpAssistant\Eigene Dateien\Downloads\packupdate_build106_231.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Windows\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully. C:\Windows\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\demo\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\HelpAssistant\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\demo\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\HelpAssistant\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\demo\Startmenü\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\HelpAssistant\Startmenü\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Windows\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot. C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully. Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 3930 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.11 08.05.2010 18:40:32 mbam-log-2010-05-08 (18-40-32).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 136043 Laufzeit: 13 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 2 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Geändert von Alfadas (09.05.2010 um 20:11 Uhr) |
|
09.05.2010, 20:52
| #2 |
| |  Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! Jetzt habe ich zusätzlich OTL geladen und einen scan durchgeführt.
__________________Mbam habe ich auch noch einmal durchlaufen lassen. Ich muss diesen Post splitten da er zu lang ist! Zu dem blauen Bildschirm das ich heute nachmittag hatte folgendes stand noch: Stop 0x0000007A (0xC03DE20C, 0xC000000E, 0xF788343A, 0x0C7CF860) PCIDEX.sys Address F788343A base at F787F00 Datestamo 41107b4c -Ende der Nachricht -  (Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 3930 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 09.05.2010 21:32:03 mbam-log-2010-05-09 (21-32-03).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 136451 Laufzeit: 12 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) OTL logfile created on: 09.05.2010 21:37:08 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\demo\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 494,00 Mb Total Physical Memory | 213,00 Mb Available Physical Memory | 43,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 72,00% Paging File free Paging file location(s): C:\pagefile.sys 744 1488 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 55,93 Gb Total Space | 30,90 Gb Free Space | 55,25% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MAXDATA-9C58E35 Current User Name: demo Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\demo\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Dokumente und Einstellungen\demo\Lokale Einstellungen\Temp\Ldx.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\MDM.EXE (Microsoft Corporation) PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\demo\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\system32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\system32\SynTPFcs.dll (Synaptics, Inc.) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\Windows\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (LVUSBSta) -- C:\Windows\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\system32\drivers\LV302V32.SYS (Logitech Inc.) DRV - (pepifilter) -- C:\Windows\system32\drivers\lv302af.sys (Logitech Inc.) DRV - (hardlock) -- C:\Windows\system32\drivers\hardlock.sys (Aladdin Knowledge Systems) DRV - (SQTECH905C) -- C:\Windows\system32\drivers\Capt905c.sys (Service & Quality Technology.) DRV - (s24trans) -- C:\Windows\system32\drivers\s24trans.sys (Intel Corporation) DRV - (w29n51) Intel(R) -- C:\Windows\system32\drivers\w29n51.sys (Intel® Corporation) DRV - (ovt530) -- C:\Windows\system32\drivers\ov530vid.sys (OmniVision Technologies, Inc.) DRV - (Afc) -- C:\Windows\system32\drivers\afc.sys (Arcsoft, Inc.) DRV - (MagicTune) -- C:\Windows\system32\drivers\MTiCtwl.sys () DRV - (w22n51) Intel(R) -- C:\Windows\system32\drivers\w22n51.sys (Intel® Corporation) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (ALCXSENS) -- C:\Windows\system32\drivers\ALCXSENS.SYS (Sensaura) DRV - (NwlnkIpx) -- C:\Windows\system32\drivers\nwlnkipx.sys (Microsoft Corporation) DRV - (NwlnkNb) -- C:\Windows\system32\drivers\nwlnknb.sys (Microsoft Corporation) DRV - (NwlnkSpx) -- C:\Windows\system32\drivers\nwlnkspx.sys (Microsoft Corporation) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (gameenum) -- C:\Windows\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (NSCIRDA) -- C:\Windows\system32\drivers\nscirda.sys (National Semiconductor Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (AgereSoftModem) -- C:\Windows\system32\drivers\AGRSM.sys (Agere Systems) DRV - (CONAN) -- C:\Windows\system32\drivers\o2mmb.sys (O2 Micro ) DRV - (MbxStby) -- C:\Windows\system32\drivers\MbxStby.sys (O2 Micro) DRV - (bcm4sbxp) -- C:\Windows\system32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (SynTP) -- C:\Windows\system32\drivers\SynTP.sys (Synaptics, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://de.search.yahoo.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/home IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.gmx.net/tab2 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = go.gmx.net/tab2 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 3B 84 5E F6 77 CA 01 [binary data] IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.05 13:41:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.05 22:35:56 | 000,000,000 | ---D | M] [2010.03.11 16:53:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\demo\Anwendungsdaten\Mozilla\Extensions [2010.05.08 22:46:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\demo\Anwendungsdaten\Mozilla\Firefox\Profiles\e8ooan6e.default\extensions [2010.03.11 17:26:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\demo\Anwendungsdaten\Mozilla\Firefox\Profiles\e8ooan6e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.03.11 16:53:10 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2007.10.16 10:49:08 | 000,004,188 | ---- | M]) - C:\Windows\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 bin.errorprotector.com ## added by CiD O1 - Hosts: 127.0.0.1 br.errorsafe.com ## added by CiD O1 - Hosts: 127.0.0.1 br.winantivirus.com ## added by CiD O1 - Hosts: 127.0.0.1 br.winfixer.com ## added by CiD O1 - Hosts: 127.0.0.1 cdn.drivecleaner.com ## added by CiD O1 - Hosts: 127.0.0.1 cdn.errorsafe.com ## added by CiD O1 - Hosts: 127.0.0.1 cdn.winsoftware.com ## added by CiD O1 - Hosts: 127.0.0.1 de.errorsafe.com ## added by CiD O1 - Hosts: 127.0.0.1 de.winantivirus.com ## added by CiD O1 - Hosts: 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD O1 - Hosts: 127.0.0.1 download.cdn.errorsafe.com ## added by CiD O1 - Hosts: 127.0.0.1 download.cdn.winsoftware.com ## added by CiD O1 - Hosts: 127.0.0.1 download.errorsafe.com ## added by CiD O1 - Hosts: 127.0.0.1 download.systemdoctor.com ## added by CiD O1 - Hosts: 127.0.0.1 download.winantispyware.com ## added by CiD O1 - Hosts: 127.0.0.1 download.windrivecleaner.com ## added by CiD O1 - Hosts: 127.0.0.1 download.winfixer.com ## added by CiD O1 - Hosts: 127.0.0.1 drivecleaner.com ## added by CiD O1 - Hosts: 127.0.0.1 dynamique.drivecleaner.com ## added by CiD O1 - Hosts: 127.0.0.1 errorprotector.com ## added by CiD O1 - Hosts: 127.0.0.1 errorsafe.com ## added by CiD O1 - Hosts: 127.0.0.1 es.winantivirus.com ## added by CiD O1 - Hosts: 127.0.0.1 fr.winantivirus.com ## added by CiD O1 - Hosts: 127.0.0.1 fr.winfixer.com ## added by CiD O1 - Hosts: 46 more lines... O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.) O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx () O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (GMX Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\system32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [EOUApp] C:\Programme\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation) O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [zzzHPSETUP] D:\Setup.exe File not found O4 - HKCU..\Run: [gotnewupdate000.exe] C:\Dokumente und Einstellungen\demo\Anwendungsdaten\651CB9580CA8C43E36E4CF3E12280F8E\gotnewupdate000.exe File not found O4 - HKCU..\Run: [M5T8QL3YW3] C:\Dokumente und Einstellungen\demo\Lokale Einstellungen\Temp\Ldx.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.) O4 - Startup: C:\Dokumente und Einstellungen\demo\Startmenü\Programme\Autostart\Antimalware Doctor.lnk = C:\Dokumente und Einstellungen\demo\Anwendungsdaten\651CB9580CA8C43E36E4CF3E12280F8E\gotnewupdate000.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O9 - Extra Button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {FDC847F8-DA70-4442-8072-FF883F34D14A} hxxp://toolbar.dasoertliche-marketing.de/toolbar/normal/download/DasOertlicheToolbar.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = logimex.local O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found. O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\demo\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\demo\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.12.22 12:12:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{5e1f8ea0-4597-11dc-8dc2-000e35b959a8}\Shell - "" = AutoRun O33 - MountPoints2\{5e1f8ea0-4597-11dc-8dc2-000e35b959a8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{5e1f8ea0-4597-11dc-8dc2-000e35b959a8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.09 21:33:18 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\demo\Desktop\OTL.exe [2010.05.08 22:39:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010.05.08 19:15:03 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.05.08 19:15:00 | 000,000,000 | ---D | C] -- C:\rsit [2010.05.08 19:13:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\demo\Desktop\Neuer Ordner [2010.05.08 18:42:16 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\demo\Recent [2010.05.08 09:36:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\demo\Anwendungsdaten\Malwarebytes [2010.05.08 09:36:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.05.08 09:36:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.05.08 09:36:08 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.05.08 09:36:08 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.05.04 18:27:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\demo\Anwendungsdaten\651CB9580CA8C43E36E4CF3E12280F8E [2010.05.04 09:39:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\demo\Desktop\fotos vom stick [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.09 21:14:50 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.05.09 21:13:25 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010.05.09 21:13:04 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2010.05.09 21:12:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.05.09 21:12:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.05.09 20:55:30 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\demo\Desktop\OTL.exe [2010.05.09 12:00:00 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\tasks\AC823E4A9185B08A.job [2010.05.08 23:13:14 | 007,077,888 | -H-- | M] () -- C:\Dokumente und Einstellungen\demo\NTUSER.DAT [2010.05.08 23:12:54 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\demo\ntuser.ini [2010.05.08 23:12:34 | 006,291,456 | -H-- | M] () -- C:\Dokumente und Einstellungen\demo\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.05.08 22:50:53 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.05.08 18:26:38 | 000,824,681 | ---- | M] () -- C:\Dokumente und Einstellungen\demo\Desktop\RSIT.exe [2010.05.08 18:24:30 | 000,000,704 | ---- | M] () -- C:\Dokumente und Einstellungen\demo\Eigene Dateien\cc_20100508_182359.reg [2010.05.08 18:23:43 | 000,039,226 | ---- | M] () -- C:\Dokumente und Einstellungen\demo\Eigene Dateien\cc_20100508_182325.reg [2010.05.08 17:25:00 | 000,001,593 | ---- | M] () -- C:\WINDOWS\lsrslt.ini [2010.05.08 09:36:22 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.08 09:22:50 | 000,363,520 | ---- | M] () -- C:\Dokumente und Einstellungen\demo\Desktop\iExplore.exe [2010.05.06 08:31:36 | 000,447,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.05.06 08:31:35 | 000,467,522 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.05.06 08:31:35 | 000,088,280 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.05.06 08:31:35 | 000,074,376 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.05.06 08:31:34 | 000,004,984 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.05.04 18:28:53 | 000,001,212 | ---- | M] () -- C:\Dokumente und Einstellungen\demo\Startmenü\Programme\Autostart\Antimalware Doctor.lnk [2010.05.04 18:27:01 | 000,164,352 | ---- | M] () -- C:\WINDOWS\Lvufaa.exe [2010.05.04 18:15:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.05.04 09:41:41 | 000,081,920 | ---- | M] () -- C:\Dokumente und Einstellungen\demo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.27 11:59:38 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.04.15 09:20:39 | 000,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini [2010.04.13 18:51:42 | 000,007,604 | ---- | M] () -- C:\Dokumente und Einstellungen\demo\Desktop\cay.jpg [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.08 22:47:13 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2010.05.08 19:03:05 | 000,824,681 | ---- | C] () -- C:\Dokumente und Einstellungen\demo\Desktop\RSIT.exe [2010.05.08 18:24:01 | 000,000,704 | ---- | C] () -- C:\Dokumente und Einstellungen\demo\Eigene Dateien\cc_20100508_182359.reg [2010.05.08 18:23:31 | 000,039,226 | ---- | C] () -- C:\Dokumente und Einstellungen\demo\Eigene Dateien\cc_20100508_182325.reg [2010.05.08 18:18:46 | 000,363,520 | ---- | C] () -- C:\Dokumente und Einstellungen\demo\Desktop\iExplore.exe [2010.05.08 09:36:22 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.04 19:37:40 | 000,001,593 | ---- | C] () -- C:\WINDOWS\lsrslt.ini [2010.05.04 18:28:53 | 000,001,212 | ---- | C] () -- C:\Dokumente und Einstellungen\demo\Startmenü\Programme\Autostart\Antimalware Doctor.lnk [2010.05.04 18:27:26 | 000,164,352 | ---- | C] () -- C:\WINDOWS\Lvufaa.exe [2010.05.04 18:27:16 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010.04.13 18:51:41 | 000,007,604 | ---- | C] () -- C:\Dokumente und Einstellungen\demo\Desktop\cay.jpg [2008.12.15 01:19:14 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI [2008.08.21 20:35:50 | 000,000,195 | ---- | C] () -- C:\WINDOWS\Pfview.INI [2008.07.18 15:19:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll [2008.05.06 17:55:40 | 000,000,393 | ---- | C] () -- C:\WINDOWS\PrintForm.INI [2008.04.26 21:32:36 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2008.03.06 14:04:28 | 000,000,777 | ---- | C] () -- C:\WINDOWS\EditForm.INI [2008.02.29 22:03:11 | 000,012,062 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTiCtwl.sys [2007.06.14 16:55:41 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTDLG13N.INI [2007.03.20 11:31:48 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll [2007.03.20 11:05:56 | 000,006,836 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI [2007.01.27 15:51:10 | 000,001,024 | ---- | C] () -- C:\WINDOWS\ppengine.ini [2005.08.27 11:59:58 | 000,000,354 | ---- | C] () -- C:\WINDOWS\hpbafd.ini [2005.08.26 19:33:49 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2005.07.28 13:19:45 | 000,195,072 | ---- | C] () -- C:\WINDOWS\System32\msodeGER.dll [2005.07.11 22:39:58 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2005.05.20 20:32:17 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2005.03.16 13:14:11 | 000,000,774 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005.02.09 09:22:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005.02.09 09:22:39 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll [2005.02.09 09:10:24 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2005.02.09 09:10:16 | 000,001,110 | ---- | C] () -- C:\WINDOWS\System32\OemInfo.ini [2005.02.09 09:07:11 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2003.02.20 15:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2000.04.14 17:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll [1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [1998.06.11 14:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll [1997.09.04 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL [1997.09.04 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL [1997.09.04 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\VADE232.DLL [1997.09.04 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 68 bytes -> C:\WINDOWS\wmprfDEU.prx:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\winhlp32.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\unin0407.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\twain.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\zipfldr.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xpsp2res.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xpsp1res.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xpob2res.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xolehlp.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xmlprovi.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wzcsapi.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wzcdlg.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wupdmgr.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WUDFx.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WudfPlatform.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WudfHost.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WUDFCoinstaller.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuauserv.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuaueng1.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuauclt1.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wsnmp32.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshtcpip.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshisn.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshirda.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshext.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wscsvc.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wscript.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wpdshextres.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wpdshextautoplay.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wpd_ci.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wowexec.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVXENCD.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVSENCD.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVSDECD.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVENCOD.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmvdmoe2.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVADVD.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpui.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpshell.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpps.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpns.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmploc.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmerror.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmdmps.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmdmlog.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMADMOE.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winspool.drv:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winrnr.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winoldap.mod:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winmine.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winlogon.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winipsec.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\win87em.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\win32spl.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wiavusd.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wiashext.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wiaservc.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wiadefui.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wiaacmgr.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wfwnet.drv:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\webclnt.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wdmaud.drv:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wdfmgr.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\watchdog.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\w3ssl.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\w32time.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\w29NCPA.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vwipxspx.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vwipxspx.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vssvc.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vssapi.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vmhelper.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.drv:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VFP6RENU.DLL:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VFP6RDEU.DLL:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VFP6R.DLL:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vbsde.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\userinit.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\user.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usbmon.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ups.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\upnphost.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\upnp.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\uniplat.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unimdmat.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unimdm.tsp:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unicode.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\umpnpmgr.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ulib.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\txflog.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\twext.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tssoft32.acm:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsccvid.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsappcmp.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\trkwks.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tourstart.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\toolhelp.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tlntsvr.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\timer.drv:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\timedate.cpl:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ticrf.rat:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\themeui.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\termsrv.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tcpmon.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tcpmib.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\taskmgr.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tapiui.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tapisrv.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\system.drv:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sysdm.cpl:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SynTPFcs.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SynTPAPI.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SynCOM.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\svchost.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\subrange.uce:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\streamci.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\storprop.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stobject.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sti_ci.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sti.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stdole32.tlb:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stdole2.tlb:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ssdpsrv.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\srvsvc.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\srsvc.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\srrstr.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\spoolsv.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\spoolss.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\spider.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sound.drv:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sorttbls.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sortkey.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sol.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\softpub.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\snmpapi.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sndvol32.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sndrec32.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\smss.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\smlogsvc.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\smlogcfg.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\slbrccsp.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\slbiop.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\slayerxp.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sl_anet.acm:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sigtab.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shmgrate.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shmedia.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shimgvw.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shiftjis.uce:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shgina.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shell.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shdoclc.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sfcfiles.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sfc_os.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sfc.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sethc.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sessmgr.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sens.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\seclogon.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sdhcinst.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\schedsvc.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sccsccp.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\scarddlg.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\runonce.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rtutils.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsvp.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rshx32.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsaenh.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\remotesp.tsp:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\remotepg.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\regsvr32.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\regsvc.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\reg.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\redir.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rdshost.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rcimlby.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rastapi.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rassapi.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasppp.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasman.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\QuickTimeVR.qtx:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\QuickTimeMusicalInstruments.qtx:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\QuickTime.qts:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\qmgrprxy.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\qmgr.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\qedit.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\qdvd.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS |
|
09.05.2010, 20:58
| #3 |
| | Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! Post 2
__________________\System32\qcap.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\qasf.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pstorsvc.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pstorec.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\psbase.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\psapi.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\progman.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\powercfg.cpl:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PortableDeviceWMDRM.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PortableDeviceWiaCompat.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PortableDeviceClassExtension.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pnrpnsp.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pjlmon.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ping.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pifmgr.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pidgen.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\perfproc.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PCDLIB32.DLL:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\packager.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olesvr32.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olepro32.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oledlg.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olecnv32.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olecli32.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oleaccrc.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ole32.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.sig:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.dat:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.bin:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\odbcjt32.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\odbcji32.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\odbcint.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\odbccp32.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\odbcbcp.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nwwks.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nwc.cpl:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nwapi16.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nw16.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nusrmgr.cpl:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntvdmd.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntvdm.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntshrui.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntsdexts.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntmsmgr.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntmsapi.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntmarta.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntlsapi.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntio.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntdos.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nscompat.tlb:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\notepad.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netware.drv:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netsetup.cpl:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netplwiz.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netmsg.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netman.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netlogon.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netid.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netevent.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netdde.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netapi.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ndptsp.tsp:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ncpa.cpl:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mydocs.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mycomput.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml4r.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml3r.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml3a.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml2.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mswmdm.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mstsc.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mstlsapi.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mstask.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msscp.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msprpde.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msprivs.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msports.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mspmsp.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mspmsnsv.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mspatcha.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msnetobj.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msjava.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msisip.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msidntld.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msidle.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msident.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mshearts.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msh261.drv:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msgsm32.acm:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg723.acm:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg711.acm:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSFLXGRD.OCX:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msdxm.ocx:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msdtc.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msdmo.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msdelta.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msdart.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSCTFP.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mscdexnt.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msawt.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msadp32.acm:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msacm32.drv:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mprui.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mpnotify.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MPG4DECD.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MPG4C32.DLL:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mpg2splt.ax:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MP4SDECD.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MP43DECD.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mouse.drv:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\moricons.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\modemui.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mobsync.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mobsync.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mnmsrvc.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmsystem.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmdrv.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmcshext.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmcndmgr.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmc.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\midimap.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mgmtapi.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MFC71.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mfc42loc.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mfc42.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mfc40u.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mfc40loc.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mf3216.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MDT2FW95.DLL:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mdminst.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mciseq.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mciqtz32.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mcicda.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mciavi32.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mcd32.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mapisvc.inf:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MAPISTUB.DLL:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MAPI.DLL:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\main.cpl:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lz32.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LuResult.txt:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LTCLR13n.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lsass.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lpk.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\logonui.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\logon.scr:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lodctr.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\locator.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\localsec.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\locale.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\loadperf.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lmrt.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lmhsvc.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\licwmi.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\licdll.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lfwmf13n.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lftga13n.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lfras13n.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lfpsd13n.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Lfpng13n.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lfpdf13n.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Lfpct13n.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lfimg13n.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lfeps13n.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\l3codecp.acm:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\l_intl.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\krnl386.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\korean.uce:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kmddsp.tsp:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\keyboard.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\keyboard.drv:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kdcom.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdus.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdgr.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kb16.com:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kanji_2.uce:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kanji_1.uce:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\jview.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\jit.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\jgpl400.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\jgdw400.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\jdbgmgr.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\javasup.vxd:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\javaprxy.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\javaee.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iuengine.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\itss.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\itircl.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\irprops.cpl:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\irmon.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ir50_32.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ir41_qcx.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ir41_qc.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ir41_32.ax:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ir32_32.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ipxwan.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ipsink.ax:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ipsecsvc.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iprop.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ipnathlp.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ipconfig.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ipconf.tsp:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\inetres.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\inetpp.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\inetmib1.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\inetcfg.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Indeo4.qtx:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\imapi.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ImagXR7.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ImagXpr7.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ImagX7.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\imaadp32.acm:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxtray.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxsrvc.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxress.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxres.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxpph.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxhk.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxext.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxexps.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxeud.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxdo.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxdiag.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxdgps.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxdev.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxcpl.cpl:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxcfg.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IE7Eula.rtf:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ideograf.uce:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\icmui.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\icm32.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\icfgnt5.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iccvid.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmrnt5.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmgicd.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmgdev.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmdnt5.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmdev5.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmdd5.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iac25_32.ax:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hypertrm.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hotplug.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hnetwiz.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hnetcfg.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hlvdd.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hkcmd.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\himem.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hidphone.tsp:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hid.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hhsetup.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hhctrl.ocx:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hdwwiz.cpl:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hal.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\h323.tsp:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\grpconv.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\geo.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\gdiplus.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\gdi.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\gb2312.uce:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxstiff.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxst30.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxssvc.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxsst.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxssend.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxsroute.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxsres.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxsmon.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxsext32.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxscover.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxsclntR.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ftsrch.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fsusd.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\freecell.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FLXGDDE.DLL:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fldrclnr.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\firewall.cpl:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\filemgmt.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\feclient.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\exts.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\extrac32.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\expsrv.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\eventlog.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ersvc.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\els.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ega.cpi:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dxmasf.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dxdiagn.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dwwin.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dumprep.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dsuiext.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dssenh.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dsquery.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dskquota.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drwtsn32.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drprov.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drmv2clt.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drmclien.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\WSTCODEC.SYS:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\wmilib.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\w29n51.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\w22n51.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\volsnap.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\videoprt.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\vga.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\usbuhci.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\USBSTOR.SYS:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\usbport.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\usbhub.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\usbehci.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\usbd.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\tdtcp.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\tdpipe.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\tdi.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\sysaudio.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\SynTP.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\swmidi.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\swenum.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\sr.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\SONYPVU1.SYS:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\serenum.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\s24trans.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\redbook.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\rdpdr.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\raspptp.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\rasacd.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\pciidex.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\parvdm.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\partmgr.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\oprghdlr.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ohci1394.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\o2mmb.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nwrdr.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nwlnkspx.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nwlnknb.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nwlnkipx.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\netbt.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\netbios.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mup.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mssmbios.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\MSPQM.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\MSPCLOCK.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\MSKSSRV.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\msgpc.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mountmgr.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mouhid.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mouclass.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mnmdd.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\MbxStby.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\kbdclass.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\isapnp.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\irda.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ipfltdrv.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\intelppm.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ialmnt5.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\i8042prt.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\hidparse.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\hidclass.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\hardlock.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\gameenum.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\fs_rec.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dxgthk.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dxg.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dxapi.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\drmkaud.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\DMusic.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dmload.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dmio.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dmboot.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\CmBatt.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\classpnp.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\Capt905c.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\bcm4sbxp.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\battc.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\audstub.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\atapi.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ALCXWDM.SYS:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ALCXSENS.SYS:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\aic78xx.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\aic78u2.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\AGRSM.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\AegisP.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\adpu160m.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\1394bus.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dpnhupnp.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dpnet.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dplayx.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dpcdll.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dosx.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dmutil.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dmserver.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dmocx.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dmdskres.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dmdskmgr.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dmadmin.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllhost.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\winsrv.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\wiaservc.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\wdmaud.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\user32.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\upnphost.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\update.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\sxs.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\splitter.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\shsvcs.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\riched20.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\rdbss.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\rasmans.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\rasadhlp.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\oledlg.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\nwwks.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\nwrdr.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\nwprovau.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\nwapi32.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\ntfs.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\msjro.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\msftedit.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\msadox.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\msadomd.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\msado15.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\mfc42u.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\mfc40u.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\mf3216.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\kmixer.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\jgpl400.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\jgdw400.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\iphlpapi.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\hlink.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\fltmgr.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\fltmc.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\fltlib.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\explorer.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\dxmasf.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\dhcpcsvc.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\comctl32.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\ciodm.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\apphelp.sdb:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\apph_sp.sdb:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\agentsvr.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\agentdpv.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\agentdp2.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dispex.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dinput.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dfrgsnap.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\devmgr.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\devmgmt.msc:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\devenum.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\deskmon.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\deskadp.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\defrag.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ddrawex.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dbgeng.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\davclnt.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\datime.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\danim.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\d3drm.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\d3dim700.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\d3dim.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\d3d9.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\d3d8thk.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\d3d8.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ctype.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ctfmon.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\csrss.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cscui.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cryptsvc.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cryptext.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cryptdll.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\crtdll.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\credui.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\country.sys:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\control.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CONFIG.NT:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comuid.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comsvcs.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comrepl.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\compmgmt.msc:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\compatUI.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\commdlg.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\command.com:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comm.drv:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comdlg32.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comcat.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cnbjmon.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cmd.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\clspack.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\clipsrv.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\clbcatq.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\clbcatex.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\clb.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cisvc.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ciodm.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\charmap.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\certcli.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cdosys.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cdfview.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\catsrvut.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\catsrv.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_950.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_949.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_936.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_932.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_874.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28605.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28599.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28592.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28591.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1258.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1257.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1256.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1255.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1254.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1253.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1251.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1250.nls:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\bthprops.cpl:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\bthci.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\browsewm.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\browser.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\browselc.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\bopomofo.uce:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\basesrv.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\AUTOEXEC.NT:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\autochk.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\audiosrv.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\atmfd.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\asycfilt.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\appwiz.cpl:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\amcompat.tlb:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ALSNDMGR.CPL:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\alg.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\adsnt.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\adsldpc.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\adptif.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\actxprxy.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\activeds.tlb:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\acctres.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\crlds3d.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\regedit.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\hh.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\demo000.acl:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\demo.acl:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\AGRSMMSG.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\_default.pif:KAVICHS @Alternate Data Stream - 68 bytes -> C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\Programme\Intel\Wireless\Bin\EOUWiz.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\demo\Startmenü\Programme\Autostart\desktop.ini:KAVICHS @Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\demo\RefEdit.exd:KAVICHS @Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\demo\Installer.log:KAVICHS @Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\demo\Eigene Dateien\Alte Excel-Dokumente.lnk:KAVICHS @Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\demo\Anwendungsdaten\desktop.ini:KAVICHS @Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini:KAVICHS @Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\desktop.ini:KAVICHS @Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\All Users\Desktop\Allplan 2004.lnk:KAVICHS @Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WLAN_Generic_SW_2200BG_2915ABG_3945ABG_V10.1.0.3_TIC_107948.zip:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Zapotek.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\WORDPAD.INI:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\WMSysPr9.prx:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\winnt256.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\winnt.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\winhelp.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\vmmreg32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\vbaddin.ini:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\vb.ini:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\unvise32qt.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Thumbs.db:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\tasks\AC823E4A9185B08A.job:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\TASKMAN.EXE:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\zonedon.reg:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\zonedoff.reg:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xmlprov.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xenroll.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xcopy.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xactsrv.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wstrenderer.ax:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wstpager.ax:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wstdecod.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WshRm.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshom.ocx:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshnetbs.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wship6.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshcon.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshbth.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshatm.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wsecedit.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wscui.cpl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wscntfy.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\write.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpnpinst.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdtrace.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdsp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdmtpus.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdmtpdr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdmtp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdconns.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpabaln.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowfaxui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowfax.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowdeb.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvds32.ax:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvdmod.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMVADVE.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmv8ds32.ax:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMSUI32.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmstream.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMSPDMOE.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmsdmoe2.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmsdmoe.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmsdmod.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpsrcwp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpencen.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpcore.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpcd.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpasf.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmp.ocx:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmiscmgr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmiprop.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmimgmt.msc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmidx.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmerrDEU.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmdrmnet.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmdrmdev.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wjview.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winver.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winstrm.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINSSPI.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsock.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winshfhc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winntbbu.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winnls.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmsd.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhlp32.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhelp.hlp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winfax.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winchat.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winbrand.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win.com:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wifeman.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiavideo.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiasf.ax:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiascr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiadss.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wextract.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webvw.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webhits.dll:KAVICHS |
|
09.05.2010, 21:09
| #4 |
| | Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webfldrs.msi:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdl.trm:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdfapi.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.sve:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.nld:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.ita:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.fra:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.esn:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.enu:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.deu:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.sve:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.nld:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.ita:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.fra:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.esn:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.enu:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.deu:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wavemsp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\W95FIBER.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w32topl.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w32tm.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w22NCPA.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\W22MLRes.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssadmin.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vss_ps.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VSFLEX3.OCX:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vjoy.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga64k.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga256.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vfpodbc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VFP6RUN.EXE:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\verifier.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\verifier.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ver.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VEN2232.OLB:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vdmredir.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vcdex.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vbisurf.ax:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vbicodec.ax:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAME.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEND32.OLB:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEN32.OLB:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBADE32.OLB:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VADE232.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\v7vga.rom:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uwdf.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrvpa.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrvoica.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrv80a.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrv42a.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrsvpia.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrshuta.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrsdpia.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrrtosa.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrprbda.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrmlnka.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrlogon.cmd:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrlbva.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrfaxa.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrdtea.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrdpa.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrcoina.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrcntra.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usbui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USASCII.TRN:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ureg.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnpui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnpcont.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\UNWISE.INI:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\UNWISE.EXE:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\untfs.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unlodctr.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umdmxfrm.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ufat.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\udhisapi.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\typeperf.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\typelib.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TwnLib4.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TwnLib20.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsshutdn.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.ini:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tskill.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsdiscon.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsddd.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsd32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tscupgrd.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tscon.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tscfgwmi.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tree.com:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tracert6.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tracert.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tracerpt.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tlntsvrp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tlntadmn.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tftp.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\termmgr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\termcap:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\telephon.cpl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcpsvcs.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcpmonui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcpmon.ini:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcmsetup.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\taskman.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tasklist.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\taskkill.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapiperf.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi3.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\systray.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\systeminfo.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSTEM1X.MDW:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\system.mdw:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysprtj.sep:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysprint.sep:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysocmgr.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysmon.ocx:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\syskey.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysinv.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysedit.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SynTPCoI.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\syncui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SynCtrl.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\synceng.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\syncapp.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\swprv.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SWEDISH.TRN:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svcpack.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\subst.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\storage.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\stimon.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\stclient.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sstext3d.scr:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssstars.scr:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sspipes.scr:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssmyst.scr:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssmypics.scr:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssmarque.scr:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssflwbox.scr:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssbezier.scr:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ss3dfo.scr:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlwoa.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlwid.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlunirl.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlsrv32.rll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlsrv32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlsodbc.chm:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spxcoins.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sprio800.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sprio600.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sprestrt.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spnpinst.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spnike.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spiisupd.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sort.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\snmpsnap.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SMSUnins.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\smbinst.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\slbcsp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\skeys.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\skdll.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sisbkup.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\simpdata.tlb:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sigverif.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shutdown.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shscrap.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shrpubw.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\share.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shadow.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfmapi.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setver.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupdll.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setup.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setup.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\serwvdrv.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\services.msc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\servdeps.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\serialui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\senscfg.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sendmail.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sendcmsg.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SELFREG.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secupd.sig:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secupd.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secpol.msc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secedit.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sdpblb.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sdbinst.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scrrun.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scrrnde.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scrobj.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scrnsave.scr:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scriptpw.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scredir.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SCP32.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scode.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sclgntfy.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\schtasks.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sccbase.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scardssp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SCANPST.HLP:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sbeio.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sbe.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\savedump.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\safrslv.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\safrdm.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\safrcdlg.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\s24NCfg.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rwinsta.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\runas.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtm.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RTLCPL.EXE:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RTLCPAPI.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtipxmib.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtcshare.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpsp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpperf.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpmsg.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpcnts.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvp.ini:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsopprov.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsnotify.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsmui.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsmsink.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsmps.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsm.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsh.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsfsaps.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaci.rat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcns4.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\routetab.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\routemon.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\route.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rnr20.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rexec.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\results.txt:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\reset.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\replace.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rend.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\relog.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regwizc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regwiz.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regini.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regedt32.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\REFEDIT.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\recover.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdsaddin.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdpwsx.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdpsnd.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdpdd.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdpclip.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdpcfgex.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RDOCURS.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdchost.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rcp.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasser.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasrad.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasphone.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmxs.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmontr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasdial.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrs.ini:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrs.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrnm.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasautou.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasauto.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\racpldlg.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qwinsta.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\QuickTime.qtp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\QuickTime.cpl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qtplugin.log:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qprocess.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qosname.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qedwipes.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qdv.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qappsrv.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pubprn.vbs:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PUBDLG.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psnppagn.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pscript.sep:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdprf.ini:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdprf.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdcnt.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\proxycfg.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\proquota.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prodspec.ini:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\proctexe.ocx:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prnqctl.vbs:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prnport.vbs:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prnmngr.vbs:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prnjobs.vbs:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prndrvr.vbs:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prncnfg.vbs:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\print.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prflbmsg.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\powercfg.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\polstore.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pmspl.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\plustab.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ping6.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pid.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PICSTORE.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\picn20.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\photowiz.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfwci.ini:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfwci.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfts.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfos.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfnw.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfnet.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfmon.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfi009.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfi007.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perffilt.ini:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perffilt.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfdisk.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfd009.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfd007.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfctrs.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfci.ini:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfci.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pentnt.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pcl.sep:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pathping.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\paqsp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\panmap.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pagefileconfig.vbs:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\p2psvc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\p2pnetsh.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\p2pgraph.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\p2pgasvc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\p2p.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OUTLCOMM.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\osuninst.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\osuninst.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\openfiles.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olesvr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oleprn.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLEMSG32.REG:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLEMSG32.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLEMSG.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olecli.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2nls.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2disp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\offfilt.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oemdspif.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odtext32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odpdx32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odfox32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odexl32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oddbse32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbctrac.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ODBCSTF.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcp32r.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ODBCKEY.INF:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ODBCJTNW.HLP:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ODBCJTNW.CNT:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ODBCJET.HLP:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ODBCJET.CNT:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ODBCINST.HLP:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ODBCINST.CNT:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbccu32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbccr32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbccp32.cpl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcconf.rsp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcconf.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcconf.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcad32.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc32gt.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc16gt.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\objsel.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nwscript.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nwevent.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nwcfg.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntsd.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntprint.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmssvc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsoprq.msc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsmgr.msc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsevt.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsdba.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanui2.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio804.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio412.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio411.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio404.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntimage.gif:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsbcli.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos804.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos412.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos411.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos404.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntbackup.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nslookup.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NSERROR.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NSCMPS.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\npptools.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NORWEG.TRN:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.tha:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.sve:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.nld:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.ita:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.fra:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.esn:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.enu:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.eng:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.deu:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.cht:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.chs:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nmmkcert.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nmevtmsg.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nlsfunc.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nlhtml.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netstat.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netsh.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netsetup.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\neth.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netfxperf.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\net1.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\net.hlp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\net.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NeroCheck.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nddenb32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nddeapir.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncxpnt.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nbtstat.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\narrhook.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxlegih.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxex.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxdm.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxmlr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml2r.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSXBSE35.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msw3prt.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvideo.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvidctl.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp50.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvbvm50.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mstinit.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSTEXT35.reg:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mstext35.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msswchx.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msswch.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSTKPRP.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSTDFMT.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mssip32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mssetup.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msscript.ocx:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msscds32.ax:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mssap.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRTEDIT.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrpfs35.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrecr40.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDO20.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrclr40.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msratelc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msr2cenu.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msr2c.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSPST32.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mspdox35.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSOTHUNK.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msorcl32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msorc32r.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msodeGER.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msobjs.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msnsspc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msltus35.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mslbui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msjt4jlt.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msjdbc10.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSIMUSIC.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSIMRT32.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSIMRT16.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSIMRT.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msieftp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgsvc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSFS32.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSForms.TWD:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msexcl35.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msencode.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdxmlc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.ini:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdatsrc.tlb:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdadiag.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mscpxl32.dLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mscpx32r.dLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msconf.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCALDEU.TLB:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCAL.OCX:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCAL.HLP:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCAL.DEP:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCAL.CNT:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaudite.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msapsspc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msafd.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msadds32.ax:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaatext.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mrinfo.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqprfsym.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqperf.ini:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqperf.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqoa20.tlb:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqoa10.tlb:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqoa.tlb:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqlogmgr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqgentr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqcertui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprmsg.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprdim.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprddm.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mplay32.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpg4ds32.ax:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MPG4DMOD.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpeg2data.ax:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MP4SDMOD.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MP43DMOD.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mountvol.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\more.com:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\modex.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mode.com:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mnmdd.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmutilse.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmtask.tsk:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmfutil.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmdriver.inf:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_qic.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_mtf.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_hp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mlang.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ML3XEC16.EXE:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Misc2.srg:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\misc.srg:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mimefilt.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\migpwd.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\miglibnt.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mib.bin:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFCANS32.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71u.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71KOR.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71JPN.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71ITA.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71ESP.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71ENU.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71DEU.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71CHT.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71CHS.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC42DEU.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc40.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mem.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdwmdmsp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdhcp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciwave.drv:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciwave.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciseq.drv:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciole32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciole16.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciavi.drv:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mchgrcoi.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mcdsrv32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mcastmib.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\maxdiag.cmd:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPISRVR.EXE:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPISP32.EXE:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mapi32x.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\makecab.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mag_hook.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lzexpand.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lusrmgr.msc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lprmonui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lprhelp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lpr.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lpq.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\logoff.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\logman.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\login.cmd:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\loghours.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\localui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\loadfix.com:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lnkstub.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lights.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LAPRXY.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lanman.drv:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\langwrbk.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\label.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l_except.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\keymgr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KEYEX32.EXE:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\key01.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kd1394.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdycl.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdycc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbduzb.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusx.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusl.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdur.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdukx.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbduk.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtuq.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtuf.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtat.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsw.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsmsno.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsmsfi.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsl1.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsl.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsg.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsf.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdru1.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdru.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdro.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpo.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpl1.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpl.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdno1.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdno.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdnec.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdne.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmon.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmlt48.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmlt47.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmaori.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmac.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlv1.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlv.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlt1.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlt.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdla.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkyr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkaz.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdit142.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdit.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdir.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdinmal.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdinben.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdinbe1.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdic.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhu1.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhu.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhept.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhela3.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhela2.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe319.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe220.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgr1.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgkl.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgae.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfo.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfi1.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfi.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdest.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdes.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbddv.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdda.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz2.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz1.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcan.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdca.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbu.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdblr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbene.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbe.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdazel.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdaze.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDAL.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.5.0_07-b03.log:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\joy.cpl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jobexec.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgsh400.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgsd400.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgmd400.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgaw400.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JETSQL35.HLP:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JETSQL35.CNT:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JETERR35.HLP:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JETERR35.CNT:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JETDEF35.HLP:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JETCOMP.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jet500.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Jet35sp3.doc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javart.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javacypt.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ixsso.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ivfsrc.ax:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\isrdbg32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ISO88591.TRN:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\isign32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\irftp.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\irclass.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ir50_qcx.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ir50_qc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxsap.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxrtmgr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxroute.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxrip.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxpromn.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxmontr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipv6mon.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipv6.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipsmsnap.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipsecsnp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipsec6.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iprtrmgr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iprtprio.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ippromon.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipmontr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iologmsg.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\intl.cpl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\instcat.sql:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Installer.log:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\input.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\initpki.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\infosoft.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetppui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetcplc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\INETAB32.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imeshare.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ImagXRA7.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ImagXpr5.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imagx5.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imagr5.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ImageDrive.cpl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ils.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iissuba.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igmpagnt.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxzoom.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrtrk.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrtha.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrsve.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrrus.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrptg.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrptb.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrplk.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrnor.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrnld.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrkor.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrjpn.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrita.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrhun.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrheb.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfrc.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfra.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfin.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxresp.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrenu.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxreng.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrell.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrdeu.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrdan.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrcsy.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrcht.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrchs.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrarb.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrara.lrc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhtrk.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhtha.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhsve.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhrus.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhptg.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhptb.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhplk.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhnor.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhnld.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhkor.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhjpn.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhita.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhhun.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhheb.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhfrc.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhfra.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhfin.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhesp.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhenu.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxheng.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhell.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhdeu.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhdan.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhcsy.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhcht.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhchs.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxharb.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhara.lhp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ifsutil.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ifmon.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iexpress.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\idq.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icwphbk.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icwdial.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassvcs.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassdo.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassam.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasrecst.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasrad.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iaspolcy.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasnap.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iashlpr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasads.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasacct.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmrem.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iAlmCoIn_v3889.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\htui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hticons.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hostname.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\homepage.inf:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetmon.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hlp95en.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HLINKPRX.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hlink.srg:KAVICHS |
|
09.05.2010, 21:09
| #5 |
| | Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hlduinst.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HLDRV.LOG:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hinstd.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\help.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hccoin.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\h323msp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GWFSPidGen.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.pro:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.com:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graftabl.com:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpupdate.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gptext.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpresult.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpkrsrc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpkcsp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpedit.msc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpedit.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\glmf32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\getmac.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gcdef.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GAPI32.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\g711codc.ax:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsxp32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxswzrd.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsperf.ini:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsperf.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsdrv.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscount.h:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscomex.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscom.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsclnt.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscfgwz.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fwcfg.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ftp.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsutil.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsquirt.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsmgmt.msc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\framebuf.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FOXUSER.FPT:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FOXUSER.DBF:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\format.com:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\forcedos.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fontview.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fontext.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fmifs.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fixmapi.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\finger.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\findstr.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\find.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fdeploy.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fde.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fc.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fastopen.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\expand.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\exe2bin.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventvwr.msc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventvwr.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventtriggers.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventquery.vbs:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventcreate.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventcls.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eula.txt:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eudcedit.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ETEXCH32.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentutl.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.ini:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.hxx:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent97.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EqnClass.Dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\encdec.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\encapi.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EMSUIX32.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EMSUI32.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EMSMDB32.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EMSABP32.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\emptyregdb.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\efsadu.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edlin.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edit.hlp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edit.com:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dxdiag.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dx8vb.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dx7vb.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dx3j.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dvdupgrd.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dvdplay.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dswave.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssec.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssec.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsprpres.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsprop.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsound3d.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsound.vxd:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dskquoui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsdmoprp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsdmo.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsauth.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ds32gt.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ds16gt.dLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drwatson.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRVSSRVR.HLP:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drmstor.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ws2ifsl.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wpdusb.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vdmindvd.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbintel.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbcamd2.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbcamd.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tunmp.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tsbvcap.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tosdvd.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tape.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sonydcam.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\smclib.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sffp_sd.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sffdisk.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sdbus.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\scsiport.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rootmdm.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\riodrv.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rio8drv.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rawwan.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\processr.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\p3.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nmnt.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nikedrv.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mf.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mcd.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\imagesrv.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\imagedrv.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\gmreadme.txt:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\gm.dls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fsvga.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\enum1394.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\diskdump.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\crusoe.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cpqdap01.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cinemst2.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cbidf2k.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\Camd905c.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\bridge.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmuni.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmlane.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmepvc.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\amdk7.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\amdk6.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\driverquery.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpwsockx.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpwsock.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpvvox.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpvsetup.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpvoice.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpvacm.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpserial.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnwsock.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnsvr.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnmodem.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnlobby.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnhpast.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnaddr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpmodemx.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dplaysvr.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dplay.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\doskey.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\docprop2.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\docprop.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DOCOBJ.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmview.ocx:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmusic.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmsynth.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmstyle.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmscript.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmremote.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmloader.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmintf.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmime.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmdlgs.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmconfig.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmcompos.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmband.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllhst3g.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wuaueng1.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wuauclt1.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wstcodec.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmvdmod.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmsdmod.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmpui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmpshell.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmploc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmplayer.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmpcore.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmpcd.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmpasf.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmp.ocx:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmerror.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmdmps.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmdmlog.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\WMADMOE.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\WMADMOD.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\WgaTray.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\WgaLogon.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wabimp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wab32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\viaide.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\usbstor.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\unregmp2.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\streamip.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sonypvu1.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\slip.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\setup_wm.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\qasf.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pciidex.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ndisip.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nabtsfec.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mswmdm.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msscp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mspmsp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mpvis.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mouhid.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhid.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hidusb.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hidserv.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hhctrl.ocx:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxstiff.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxst30.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxssvc.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxsst.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxsroute.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxsres.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxsperf.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxsmon.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxsext32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxsevent.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxscover.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxsapi.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\directdb.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cewmdm.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\atapi.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskperf.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskpart.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskmgmt.msc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskcopy.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskcopy.com:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskcomp.com:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dinput8.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dimap.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\digest.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diantz.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diactfrm.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpsapi.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpmon.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dgsetup.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dgrpsetu.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dgnet.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dfsshlex.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dfrgui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dfrgfat.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dfrg.msc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskperf.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\debug.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ddeshare.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ddeml.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dcomcnfg.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Dcache.bin:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dbnmpntw.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dbnetlib.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dbmsrpcn.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\daxctle.ocx:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dataclen.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dxof.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dramp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dpmesh.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ctl3d32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csseqchk.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscript.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdlg.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\convert.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONVDSN.EXE:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\console.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\conime.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\confmsp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONFIG.TMP:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comsnap.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compobj.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compact.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comp.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMMTB32.HLP:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMMTB32.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comaddin.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnvfat.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CNFNOT32.EXE:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnetcfg.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmutil.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmstp.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmsetACL.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmprops.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmpbk32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmos.ram:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmmon32.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmmgr32.hlp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmdlib.wsc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmdl32.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmdial32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmcfg32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CMC.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clipbrd.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cliconfg.rll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cliconfg.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cliconfg.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cliconf.chm:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cleanup.log:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cleanmgr.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ckcnv.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cipher.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cidaemon.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cic.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ciadv.msc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ciadmin.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chkntfs.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chkdsk.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chcp.com:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Channels anzeigen.scf:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cfgbkend.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cewmdm.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\certmgr.msc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\certmgr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cdmodem.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ccfgnt.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\catsrvps.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\capesnpn.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\camocx.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\calc.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cacls.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_875.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_869.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_866.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_865.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_863.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_861.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_860.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_857.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_855.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_852.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_850.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_775.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_737.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_500.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_437.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28603.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28598.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28597.NLS:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28595.NLS:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28594.NLS:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28593.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_21866.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20905.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20866.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20261.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20127.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1252.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1026.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10082.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10081.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10079.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10029.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10017.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10010.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10007.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10006.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10000.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_037.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\btpanui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bthserv.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootvrfy.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootok.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootcfg.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\blastcln.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bitsprx3.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bitsprx2.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bios4.rom:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bios1.rom:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bidispl.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avwav.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avtapi.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avmeter.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avifile.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avicap.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autolfn.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autofmt.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autodisc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autoconv.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\auditusr.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Audio3D.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\attrib.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atrace.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atmpvcno.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atmadm.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl71.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atkctrs.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ATHPRXY.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\at.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asr_pfu.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asr_ldm.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asr_fmt.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asferror.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asctrls.ocx:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\arp.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\APPXEC32.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\appmgr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\appmgmts.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\append.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apcups.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ansi.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\amstream.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ALSNDMGR.WAV:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alrsvc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ahui.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsnw.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsnds.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsmsext.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\actmovie.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acledit.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acelpdec.ax:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\accwiz.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ACCWIZ.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\access.cpl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\aaaamon.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\a3d.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\12520850.cpx:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\12520437.cpx:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\$ncsp$.inf:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WMSUI.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WINSPOOL.DRV:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WFWNET.DRV:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VGA.DRV:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VER.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VB4DE16.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VB40016.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VAEN21.OLB:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VADE2.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TIMER.DRV:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\THREED16.OCX:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TAPI.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SYSTEM.DRV:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\stdole.tlb:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SOUND.DRV:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SHELL.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\setup.inf:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\RICHED.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLESVR.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLECLI.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OC25DEU.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OC25.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MSVIDEO.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MSRICHED.VBX:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MOUSE.DRV:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MMTASK.TSK:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MMSYSTEM.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MLCTRL.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIWAVE.DRV:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCISEQ.DRV:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIAVI.DRV:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MAPIX.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MAPIU.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MAPIFVBX.TLB:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MAPIFORM.VBX:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\LZEXPAND.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\KEYBOARD.DRV:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\EFDOCX.SRG:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\CTL3DV2.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\COMMDLG.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\COMDLG16.OCX:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVIFILE.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVICAP.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\system.mdw:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\SOUNDMAN.EXE:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\smscfg.ini:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\setdebug.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Seifenblase.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Santa Fe-Stuck.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Rhododendron.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\RESULT.QTW:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\REGLOCS.OLD:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Präriewind.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\ppengine.ini:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\PI.EXE:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\orun32.isu:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\orun32.ini:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBCINST.INI:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBC.INI:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\NOTEPAD.EXE:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\msdfmap.ini:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\LTDLG13N.INI:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\LETTER.EXE:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\LETTER.DAT:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Kaffeetasse.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\jautoexp.dat:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Granit.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Feder.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Fächer.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\explorer.scf:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\clock.avi:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Blaue Spitzen 16.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\Angler.bmp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\agrsmdel.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\Thumbs.db:KAVICHS @Alternate Data Stream - 36 bytes -> C:\setup.log:KAVICHS @Alternate Data Stream - 36 bytes -> C:\pop.1und1.com.iaf:KAVICHS @Alternate Data Stream - 36 bytes -> C:\metafile2.emf:KAVICHS @Alternate Data Stream - 36 bytes -> C:\Logimex-WLAN.p10:KAVICHS @Alternate Data Stream - 36 bytes -> C:\Gigaset_WLAN_Repeater_108_V0_12.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\ffastun0.ffx:KAVICHS @Alternate Data Stream - 36 bytes -> C:\ffastun.ffo:KAVICHS @Alternate Data Stream - 36 bytes -> C:\ffastun.ffl:KAVICHS @Alternate Data Stream - 36 bytes -> C:\ffastun.ffa:KAVICHS @Alternate Data Stream - 36 bytes -> C:\Eidesstattliche Versicherung.doc:KAVICHS @Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\demo\Eigene Dateien\Thumbs.db:KAVICHS @Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\NTUSER.DAT:KAVICHS @Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\NTUSER.DAT.LOG:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\WindowsUpdate.log:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\win.ini:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WudfSvc.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WPDShServiceObj.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WpdShext.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\wpa.dbl:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WMVDECOD.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\wmpmde.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\wmdrmsdk.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\winsrv.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\verclsid.exe:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\user32.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\TZLog.log:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\sxs.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\shsvcs.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\shdocvw.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\rasmans.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\rasadhlp.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\PortableDeviceTypes.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\PortableDeviceApi.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\nwprovau.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\msi.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MFPLAT.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\iphlpapi.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\hidserv.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\fltmc.exe:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\fltlib.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drmupgds.exe:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\WudfRd.sys:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\system32\DRIVERS\WudfPf.sys:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\wdmaud.sys:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\update.sys:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\StreamIP.sys:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\splitter.sys:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\SLIP.sys:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\rdbss.sys:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\ntfs.sys:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\NdisIP.sys:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\NABTSFEC.sys:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\MSTEE.sys:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\kmixer.sys:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\kbdhid.sys:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\system32\DRIVERS\fltMgr.sys:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\CCDECODE.sys:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\aec.sys:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dllcache\shdocvw.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dllcache\iedw.exe:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dllcache\browseui.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dhcpcsvc.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\comctl32.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\browseui.dll:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\system.ini:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\SchedLgU.Txt:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\NeroDigital.ini:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\hpbafd.ini:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\explorer.exe:KAVICHS @Alternate Data Stream - 228 bytes -> C:\WINDOWS\bootstat.dat:KAVICHS @Alternate Data Stream - 228 bytes -> C:\Programme\Windows Media Player\WMPNetwk.exe:KAVICHS @Alternate Data Stream - 228 bytes -> C:\Dokumente und Einstellungen\demo\ntuser.ini:KAVICHS @Alternate Data Stream - 228 bytes -> C:\Dokumente und Einstellungen\demo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini:KAVICHS @Alternate Data Stream - 228 bytes -> C:\Dokumente und Einstellungen\demo\Eigene Dateien\desktop.ini:KAVICHS @Alternate Data Stream - 196 bytes -> C:\WINDOWS\wiaservc.log:KAVICHS @Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\wtsapi32.dll:KAVICHS @Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\shfolder.dll:KAVICHS @Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\rundll32.exe:KAVICHS @Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\riched32.dll:KAVICHS @Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\FNTCACHE.DAT:KAVICHS @Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\srclient.dll:KAVICHS @Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\setupapi.dll:KAVICHS @Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\riched20.dll:KAVICHS @Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\regapi.dll:KAVICHS @Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\powrprof.dll:KAVICHS @Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\OemInfo.ini:KAVICHS @Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\msvcrt20.dll:KAVICHS @Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MSIMTF.dll:KAVICHS @Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\msimg32.dll:KAVICHS @Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ltkrn13n.dll:KAVICHS @Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ltimg13n.dll:KAVICHS @Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ltefx13n.dll:KAVICHS @Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ltdlg13n.dll:KAVICHS @Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\LTDIS13n.dll:KAVICHS @Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\udfs.sys:KAVICHS @Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\modem.sys:KAVICHS @Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\fastfat.sys:KAVICHS @Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\cdfs.sys:KAVICHS @Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\clusapi.dll:KAVICHS @Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\cfgmgr32.dll:KAVICHS @Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\cabinet.dll:KAVICHS @Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\apphelp.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\twain_32.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\wzcsvc.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\wsock32.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\wshde.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ws2help.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ws2_32.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\wow32.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\wmi.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\WMADMOD.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\wlnotify.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\wldap32.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\winsta.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\winscard.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\winmm.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\WgaTray.exe:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\WgaLogon.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\w29mlres.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\version.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\vdmdbg.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\uxtheme.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\utildll.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\usp10.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\userenv.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\traffic.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\tapi32.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\syssetup.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ssdpapi.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\shimeng.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\shellstyle.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\sensapi.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\security.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\scesrv.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\scecli.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\scardsvr.exe:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\samsrv.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\samlib.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\resutils.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\rcbdyctl.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\rasdlg.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\rasapi32.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\QuickTimeCheck.ocx:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\profmap.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\printui.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\pautoenr.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\opengl32.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\olethk32.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\oleacc.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\odbc32.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ocmanage.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\nwapi32.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ntlanman.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ntdsapi.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\newdev.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\netui2.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\netui1.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\netui0.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\netshell.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\netrap.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\netcfgx.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\nddeapi.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ncobjapi.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msvfw32.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msvcrt40.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msvcrt.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msvcr71.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msvcp71.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msvcp60.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msvcirt.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msutb.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mssign32.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msoert2.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msoeacct.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msimsg.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msihnd.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msiexec.exe:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msgina.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msftedit.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mscat32.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msacm32.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mprapi.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mpr.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mmsys.cpl:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mmcbase.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mlang.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mfcsubs.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mfc42u.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mapi32.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ltfil13n.DLL:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\linkinfo.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\lftif13n.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\lfpcx13n.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\lfpcd13n.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\lflmb13n.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\lfjbg13n.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\lffpx13n.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\lffax13n.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\LFCMP13n.DLL:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\lfbmp13n.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\LegitCheckControl.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\jsde.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\imm32.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\imagehlp.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\icmp.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\icaapi.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\hlink.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\hccutils.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\glu32.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\getuname.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\fxsevent.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\fxsapi.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\faultrep.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\esent.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\duser.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\dsound.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\wanarp.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\system32\DRIVERS\viaide.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\termdd.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\sfloppy.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\serial.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\rdpwd.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\rdpcdd.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\raspti.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\raspppoe.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\rasl2tp.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\rasirda.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\ptilink.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\psched.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\system32\DRIVERS\pcmcia.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\system32\DRIVERS\pciide.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\system32\DRIVERS\pci.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\parport.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\nwlnkfwd.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\nwlnkflt.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\null.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\nscirda.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\npfs.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\nic1394.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\ndproxy.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\ndiswan.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\ndisuio.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\ndistapi.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\ndis.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\msfs.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\irenum.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\ipsec.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\ipnat.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\ipinip.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\ip6fw.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\system32\DRIVERS\intelide.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\imapi.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\hidusb.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\system32\DRIVERS\ftdisk.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\flpydisk.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\fips.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\fdc.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\system32\DRIVERS\disk.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\system32\DRIVERS\compbatt.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\cdrom.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\cdaudio.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\beep.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\atmarpc.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\asyncmac.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\arp1394.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\system32\DRIVERS\ACPIEC.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\system32\DRIVERS\ACPI.sys:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\dfrgres.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\dfrgntfs.exe:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\desk.cpl:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ddraw.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\dciman32.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\dbghelp.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\cscdll.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\cryptui.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\cryptnet.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\crypt32.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\cr2c70de.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\comres.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\compstui.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\colbact.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\cards.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\bootvid.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\blackbox.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\batt.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\batmeter.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\avicap32.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\authz.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\audiodev.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\atmlib.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\activeds.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\aclui.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe:KAVICHS @Alternate Data Stream - 100 bytes -> C:\Dokumente und Einstellungen\demo\Desktop\Allmenu 2004.lnk:KAVICHS < End of report > |
|
09.05.2010, 21:30
| #6 |
| | Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! Habe den Logfile Extras übersehen wenn das wichtig ist poste ich es anbei mit. Vielen Dank für die tolle Hilfim voraus ihr macht einen tollen Job!!!  )OTL Extras logfile created on: 09.05.2010 21:37:08 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\demo\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 494,00 Mb Total Physical Memory | 213,00 Mb Available Physical Memory | 43,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 72,00% Paging File free Paging file location(s): C:\pagefile.sys 744 1488 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 55,93 Gb Total Space | 30,90 Gb Free Space | 55,25% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MAXDATA-9C58E35 Current User Name: demo Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .scr [@ = scrfile] -- "%1" /S %* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S %* txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "65533:TCP" = 65533:TCP:*:Enabled:Services "52344:TCP" = 52344:TCP:*:Enabled:Services "9232:TCP" = 9232:TCP:*:Enabled:Services "9233:TCP" = 9233:TCP:*:Enabled:Services "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet isabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet isabled:@xpsp2res.dll,-22008"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "65533:TCP" = 65533:TCP:*:Enabled:Services "52344:TCP" = 52344:TCP:*:Enabled:Services "9232:TCP" = 9232:TCP:*:Enabled:Services "9233:TCP" = 9233:TCP:*:Enabled:Services "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe" = C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe:* isabled:Kaspersky Anti-Virus Service -- File not found"C:\Programme\BearShare\BearShare.exe" = C:\Programme\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found "C:\Programme\MSN Messenger\msncall.exe" = C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found "C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe" = C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe:*:Enabled:ClipInc. Player -- File not found "C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\MSN Messenger\msncall.exe" = C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found "C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found "C:\Programme\Winamp Remote\bin\Orb.exe" = C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found "C:\Programme\Winamp Remote\bin\OrbTray.exe" = C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found "C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks) "C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView "{1C04D433-2EDF-4AFB-B31B-C0B13065092F}" = MagicTune3.6_Client_pivot "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15 "{2C091730-3788-4F16-A032-433AC9931375}" = Misc "{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3871DA1E-D863-4548-8465-A2F55D4BFC95}" = UGuide "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA "{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{48ECA82D-8EDC-4873-A9FE-F3B1B4C07153}" = PrintForm 5.0 "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6022B4FC-4698-4A62-B9FD-54809A9E06F8}" = MPM "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}" = HP Precisionscan Pro 3.1 "{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0 "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003 "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A250D351-A07F-4D5D-AB6C-693C69B9BFAF}" = Hercules Webcam "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU "{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C9F9BEAE-3963-41D3-B970-CA60C6A71179}" = HP Officejet K7100 Series Toolbox "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D208F4A7-6B73-4C2A-8B1E-8756FCBA831E}" = Hercules WebCam Station "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0 "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "{FEF37D4E-4DD2-4F58-B491-6EC28C6506A7}" = Drivers "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Agere Systems Soft Modem" = Agere Systems AC'97 Modem "Allplan 2004" = Nemetschek Allplan 2004 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "Hardlock Device Driver" = Hardlock Device Driver "HP Officejet K7100 Series" = HP Officejet K7100 Series "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie8" = Windows Internet Explorer 8 "lvdrivers_11.50" = Logitech QuickCam-Treiberpaket "LXF" = LXF "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "Nero - Burning Rom!UninstallKey" = Nero OEM "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "ProInst" = Intel(R) PROSet/Wireless Software "QuickTime" = QuickTime "Runtime" = Runtime "Skype_is1" = Skype 3.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "ToolBand.SkypeIEToolbarToolbar" = Skype add-on for IE "WIC" = Windows Imaging Component "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR Archivierer "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 08.05.2010 12:55:17 | Computer Name = MAXDATA-9C58E35 | Source = Userenv | ID = 1041 Description = Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}" nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich durch eine fehlerhafte Registrierung verursacht. Error - 08.05.2010 12:56:35 | Computer Name = MAXDATA-9C58E35 | Source = AutoEnrollment | ID = 15 Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. Die Registrierung wird nicht durchgeführt. Error - 08.05.2010 16:19:55 | Computer Name = MAXDATA-9C58E35 | Source = Userenv | ID = 1054 Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen. Error - 08.05.2010 16:19:56 | Computer Name = MAXDATA-9C58E35 | Source = Userenv | ID = 1041 Description = Der Registrierungseintrag DllName konnte für "{7B849a69-220F-451E-B3FE-2CB811AF94AE}" nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich durch eine fehlerhafte Registrierung verursacht. Error - 08.05.2010 16:19:56 | Computer Name = MAXDATA-9C58E35 | Source = Userenv | ID = 1041 Description = Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}" nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich durch eine fehlerhafte Registrierung verursacht. Error - 08.05.2010 16:21:00 | Computer Name = MAXDATA-9C58E35 | Source = AutoEnrollment | ID = 15 Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. Die Registrierung wird nicht durchgeführt. Error - 09.05.2010 05:13:29 | Computer Name = MAXDATA-9C58E35 | Source = Userenv | ID = 1054 Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen. Error - 09.05.2010 05:14:31 | Computer Name = MAXDATA-9C58E35 | Source = AutoEnrollment | ID = 15 Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. Die Registrierung wird nicht durchgeführt. Error - 09.05.2010 15:12:38 | Computer Name = MAXDATA-9C58E35 | Source = Userenv | ID = 1054 Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen. Error - 09.05.2010 15:13:47 | Computer Name = MAXDATA-9C58E35 | Source = AutoEnrollment | ID = 15 Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. Die Registrierung wird nicht durchgeführt. [ System Events ] Error - 08.05.2010 16:30:14 | Computer Name = MAXDATA-9C58E35 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. Error - 08.05.2010 16:45:19 | Computer Name = MAXDATA-9C58E35 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 29 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. Error - 09.05.2010 05:13:28 | Computer Name = MAXDATA-9C58E35 | Source = NETLOGON | ID = 5719 Description = Es steht kein Domänencontroller für die Domäne LOGIMEX aus folgendem Grund zur Verfügung: %%1311. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist, und versuchen Sie es erneut. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. Error - 09.05.2010 05:17:14 | Computer Name = MAXDATA-9C58E35 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. Error - 09.05.2010 05:17:18 | Computer Name = MAXDATA-9C58E35 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. Error - 09.05.2010 05:17:43 | Computer Name = MAXDATA-9C58E35 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. Error - 09.05.2010 05:32:47 | Computer Name = MAXDATA-9C58E35 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 29 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. Error - 09.05.2010 06:02:48 | Computer Name = MAXDATA-9C58E35 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 59 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. Error - 09.05.2010 15:12:34 | Computer Name = MAXDATA-9C58E35 | Source = NETLOGON | ID = 5719 Description = Es steht kein Domänencontroller für die Domäne **** aus folgendem Grund zur Verfügung: %%1311. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist, und versuchen Sie es erneut. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. Error - 09.05.2010 15:15:21 | Computer Name = MAXDATA-9C58E35 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. < End of report > |
|
10.05.2010, 12:38
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! Halllo und  Malwarebytes' Anti-Malware 1.45 Datenbank Version: 3930 Malwarebytes war nicht aktuell. Bitte auf Version 1.46 updaten und manuell noch auf Datenbank Version 4085 bringen, dann bitte einen Vollscan machen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.05.2010, 10:41
| #8 |
| | Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! Danke vielmals für die Antwort und Hilfestellung! Nach aktuallisierung und Vollscan von Malwarebytes. Log im Anhang als .txt |
|
11.05.2010, 10:45
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.05.2010, 22:27
| #10 |
| | Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! Ich habe Rkill zuvor gestart. Würde es Combofix daran hindern bzw. bei der Arbeit die Ergebnisse verfälschen/behindern? |
Linear-Darstellung
