Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.05.2010, 19:54   #1
Alfadas
 
Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! - Standard

Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden!



Hallo,
Vorserst muss ich mich entschuldigen dass ich mein Post zuvor versehentlich im falschen Themenbereich eingestellt hatte (Hijacker / HiJackThis Logs posten).

Jetzt zum eigentlichen Thema:

Ich habe mir auf meinem Laptop (WinXP) Antimalware Doctor eingefangen. Mein AV gab mir zu Beginn die Mitteilung von einer Schadsoftware die ich dann gelöschte habe.
Ich habe auch versucht durch Anleitung auf Trojaner-Board die Spyware zu entfernen mittels Rkill und danach Malwarebytes Anti-Malware Scan. Nachdem Neustart war auf dem Desktop die Verknüpfung weg aber das Schadprogramm ist immer noch vorhanden. Ich habe einen zweiten Scan mit mbam durchgeführt. Aber es scheint ziemlich hartnäckig zu sein.

Dazu habe ich noch eine Meldung vom PC und blauer Bildschirm
STOP 0x0000007A - KERNEL_DATA_INPAGE_ERROR
Diese Meldung kam beim Scan mit meinem AV programm.

Nach dem Neustart habe ich zusätzlich eine Warnung vom AV erhalten.

TR/Agent.gyi.236032
C:\Dokumente und Einstellungen\demo\Lokale Einstellungen\Temp\Ldv.exe

was ich gelöscht habe.



Hier die Logs von MBAM und RSIT in der Hoffnung ich komme weiter und bekomme dieses "Ding" entfernt.

Vielen Dank im voraus für die Bemühungen!



Logfile of random's system information tool 1.07 (written by random/random)
Run by demo at 2010-05-08 23:03:09
Microsoft Windows XP Professional Service Pack 2
System drive C: has 32 GB (55%) free of 57 GB
Total RAM: 494 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:03:36, on 08.05.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\demo\Desktop\RSIT.exe
C:\Programme\trend micro\demo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.gmx.net/tab2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://go.gmx.net/suchbox/gmxsuche?su=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: GMX Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\system32\ieconfig_1und1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Programme\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\DOKUME~1\demo\LOKALE~1\Temp\Ldx.exe
O4 - HKCU\..\Run: [gotnewupdate000.exe] C:\Dokumente und Einstellungen\demo\Anwendungsdaten\651CB9580CA8C43E36E4CF3E12280F8E\gotnewupdate000.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Antimalware Doctor.lnk = C:\Dokumente und Einstellungen\demo\Anwendungsdaten\651CB9580CA8C43E36E4CF3E12280F8E\gotnewupdate000.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - hxxp://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {FDC847F8-DA70-4442-8072-FF883F34D14A} - hxxp://toolbar.dasoertliche-marketing.de/toolbar/normal/download/DasOertlicheToolbar.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = logimex.local
O17 - HKLM\Software\..\Telephony: DomainName = logimex.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = logimex.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 8940 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AC823E4A9185B08A.job
C:\WINDOWS\tasks\WGASetup.job
C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2007-01-29 747048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D48FF4B4-E68F-47D1-8E25-81A0F0EEB341}]
GMX Browser Configuration by mquadr.at - C:\Windows\system32\ieconfig_1und1.dll [2009-12-01 610168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-08-11 67584]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-07-22 88363]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-08-20 118784]
"RemoteControl"=C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"SynTPLpr"=C:\Programme\Synaptics\SynTP\SynTPLpr.exe [2003-04-19 110592]
"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2003-04-19 610304]
"IntelZeroConfig"=C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-28 667718]
"IntelWireless"=C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe [2005-12-28 602182]
"EOUApp"=C:\Programme\Intel\Wireless\Bin\EOUWiz.exe [2005-12-28 569413]
"zzzHPSETUP"=D:\Setup.exe []
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NoIE4StubProcessing"=C:\WINDOWS\system32\reg.exe [2004-08-04 53248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"M5T8QL3YW3"=C:\DOKUME~1\demo\LOKALE~1\Temp\Ldx.exe [2010-05-04 162304]
"gotnewupdate000.exe"=C:\Dokumente und Einstellungen\demo\Anwendungsdaten\651CB9580CA8C43E36E4CF3E12280F8E\gotnewupdate000.exe [2010-05-04 743424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Programme\HP\HP Software Update\HPWuSchd2.exe []

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Acrobat Assistant.lnk - C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Dokumente und Einstellungen\demo\Startmenü\Programme\Autostart
Antimalware Doctor.lnk - C:\Dokumente und Einstellungen\demo\Anwendungsdaten\651CB9580CA8C43E36E4CF3E12280F8E\gotnewupdate000.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\MSN Messenger\msncall.exe"="C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Programme\Winamp Remote\bin\Orb.exe"="C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Programme\Winamp Remote\bin\OrbTray.exe"="C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe"="C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe:*isabled:Kaspersky Anti-Virus Service"
"C:\Programme\BearShare\BearShare.exe"="C:\Programme\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\MSN Messenger\msncall.exe"="C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe"="C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe:*:Enabled:ClipInc. Player"
"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e1f8ea0-4597-11dc-8dc2-000e35b959a8}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======File associations======

.scr - open - "%1" /S %*

======List of files/folders created in the last 1 months======

2010-05-08 22:51:09 ----N---- C:\WINDOWS\system32\SETCA.tmp
2010-05-08 22:51:08 ----N---- C:\WINDOWS\system32\SETCB.tmp
2010-05-08 22:51:03 ----N---- C:\WINDOWS\system32\SETCF.tmp
2010-05-08 22:51:03 ----N---- C:\WINDOWS\system32\SETCE.tmp
2010-05-08 22:51:02 ----N---- C:\WINDOWS\system32\SETD0.tmp
2010-05-08 22:51:01 ----N---- C:\WINDOWS\system32\SETD3.tmp
2010-05-08 22:50:55 ----N---- C:\WINDOWS\system32\SETD5.tmp
2010-05-08 22:47:13 ----A---- C:\WINDOWS\imsins.BAK
2010-05-08 22:39:26 ----HDC---- C:\WINDOWS\ie8
2010-05-08 22:37:21 ----D---- C:\WINDOWS\LastGood
2010-05-08 19:15:03 ----D---- C:\Programme\trend micro
2010-05-08 19:15:00 ----D---- C:\rsit
2010-05-08 09:36:31 ----D---- C:\Dokumente und Einstellungen\demo\Anwendungsdaten\Malwarebytes
2010-05-08 09:36:09 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-05-08 09:36:08 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-05-04 19:37:40 ----A---- C:\WINDOWS\lsrslt.ini
2010-05-04 18:27:26 ----A---- C:\WINDOWS\Lvufaa.exe
2010-05-04 18:27:02 ----D---- C:\Dokumente und Einstellungen\demo\Anwendungsdaten\651CB9580CA8C43E36E4CF3E12280F8E

======List of files/folders modified in the last 1 months======

2010-05-08 22:55:37 ----HD---- C:\WINDOWS\inf
2010-05-08 22:55:35 ----D---- C:\Windows
2010-05-08 22:55:28 ----D---- C:\WINDOWS\system32
2010-05-08 22:55:19 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-05-08 22:55:19 ----D---- C:\Programme\Internet Explorer
2010-05-08 22:53:49 ----D---- C:\WINDOWS\ie8updates
2010-05-08 22:52:28 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-08 22:52:11 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-08 22:46:30 ----D---- C:\WINDOWS\system32\de-de
2010-05-08 22:45:40 ----D---- C:\WINDOWS\Media
2010-05-08 22:45:18 ----D---- C:\WINDOWS\Help
2010-05-08 22:44:24 ----D---- C:\WINDOWS\Temp
2010-05-08 22:33:04 ----D---- C:\WINDOWS\Debug
2010-05-08 22:27:52 ----D---- C:\WINDOWS\Prefetch
2010-05-08 22:21:26 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
2010-05-08 22:20:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-08 22:20:21 ----SD---- C:\WINDOWS\Tasks
2010-05-08 19:15:03 ----RD---- C:\Programme
2010-05-08 18:54:35 ----D---- C:\WINDOWS\Minidump
2010-05-08 16:58:29 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-05-08 16:58:29 ----D---- C:\WINDOWS\system32\drivers
2010-05-06 08:31:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-05 11:29:59 ----D---- C:\Dokumente und Einstellungen
2010-05-04 18:37:13 ----D---- C:\WINDOWS\system32\LogFiles
2010-05-04 18:15:21 ----D---- C:\Programme\Mozilla Firefox
2010-04-27 11:59:38 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-15 09:25:57 ----DC---- C:\WINDOWS\i386
2010-04-15 09:21:43 ----SHD---- C:\WINDOWS\Installer
2010-04-15 09:21:42 ----HD---- C:\Config.Msi
2010-04-15 09:20:39 ----A---- C:\WINDOWS\vbaddin.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40192]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-02-25 21275]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-09 56816]
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink-NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII-Protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 s24trans;WLAN-Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-12-28 13568]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-07-22 1266380]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-08-11 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-08-11 626977]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-07-06 44032]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 CONAN;CONAN; C:\WINDOWS\system32\drivers\o2mmb.sys [2004-07-06 190804]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 NSCIRDA;NSC-Infrarotgerätetreiber; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-08-04 28672]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584]
R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2003-04-19 270288]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Netzwerkverbindungstreiber für Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-09-12 3298432]
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ids00026;ids00026; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys []
S3 ids0005c;ids0005c; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys []
S3 ids00118;ids00118; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys []
S3 ids0014f;ids0014f; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys []
S3 ids0015d;ids0015d; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Anti-Virus Personal\5.0\bases\ids0015d.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
S3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2004-10-11 12062]
S3 MbxStby;MbxStby; C:\WINDOWS\system32\drivers\MbxStby.sys [2004-07-06 5817]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 ovt530;Webcam Classic; C:\WINDOWS\System32\Drivers\ov530vid.sys [2005-03-15 161792]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-10-12 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-10-12 1279000]
S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SONYPVU1;Sony USB-Filtertreiber (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SQTECH905C;DB CIF Cam; C:\WINDOWS\System32\Drivers\Capt905c.sys [2006-01-26 34686]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 w22n51;Intel(R) PRO/Wireless 2200 Adapter-Treiber für Windows XP; C:\WINDOWS\system32\DRIVERS\w22n51.sys [2004-08-30 3151232]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [2005-12-28 114753]
R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 NWCWorkstation;Client Service für NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [2005-12-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [2005-12-28 540745]
R2 SeaPort;SeaPort; C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 268800]
S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2009-01-07 26144]
S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-14 72704]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-10-24 920576]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------




Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3930

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

08.05.2010 16:52:08
mbam-log-2010-05-08 (16-52-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 222293
Laufzeit: 2 Stunde(n), 17 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 13
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 12

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\Windows\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Windows\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Dokumente und Einstellungen\demo\Eigene Dateien\Downloads\packupdate_build106_231.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\HelpAssistant\Eigene Dateien\Downloads\packupdate_build106_231.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\Windows\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\demo\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\HelpAssistant\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\demo\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\HelpAssistant\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\demo\Startmenü\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\HelpAssistant\Startmenü\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Windows\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.




Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3930

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

08.05.2010 18:40:32
mbam-log-2010-05-08 (18-40-32).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 136043
Laufzeit: 13 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Geändert von Alfadas (09.05.2010 um 20:11 Uhr)

Alt 09.05.2010, 20:52   #2
Alfadas
 
Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! - Icon22

Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden!



Jetzt habe ich zusätzlich OTL geladen und einen scan durchgeführt.
Mbam habe ich auch noch einmal durchlaufen lassen.

Ich muss diesen Post splitten da er zu lang ist!

Zu dem blauen Bildschirm das ich heute nachmittag hatte
folgendes stand noch:
Stop 0x0000007A (0xC03DE20C, 0xC000000E, 0xF788343A, 0x0C7CF860)
PCIDEX.sys Address F788343A
base at F787F00 Datestamo 41107b4c

-Ende der Nachricht - (

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3930

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

09.05.2010 21:32:03
mbam-log-2010-05-09 (21-32-03).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 136451
Laufzeit: 12 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)





OTL logfile created on: 09.05.2010 21:37:08 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\demo\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

494,00 Mb Total Physical Memory | 213,00 Mb Available Physical Memory | 43,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,93 Gb Total Space | 30,90 Gb Free Space | 55,25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAXDATA-9C58E35
Current User Name: demo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\demo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Dokumente und Einstellungen\demo\Lokale Einstellungen\Temp\Ldx.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\MDM.EXE (Microsoft Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\demo\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\system32\SynTPFcs.dll (Synaptics, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\Windows\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (LVUSBSta) -- C:\Windows\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\Windows\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (hardlock) -- C:\Windows\system32\drivers\hardlock.sys (Aladdin Knowledge Systems)
DRV - (SQTECH905C) -- C:\Windows\system32\drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (s24trans) -- C:\Windows\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w29n51) Intel(R) -- C:\Windows\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (ovt530) -- C:\Windows\system32\drivers\ov530vid.sys (OmniVision Technologies, Inc.)
DRV - (Afc) -- C:\Windows\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (MagicTune) -- C:\Windows\system32\drivers\MTiCtwl.sys ()
DRV - (w22n51) Intel(R) -- C:\Windows\system32\drivers\w22n51.sys (Intel® Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ALCXSENS) -- C:\Windows\system32\drivers\ALCXSENS.SYS (Sensaura)
DRV - (NwlnkIpx) -- C:\Windows\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb) -- C:\Windows\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\Windows\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (gameenum) -- C:\Windows\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (NSCIRDA) -- C:\Windows\system32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\Windows\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (CONAN) -- C:\Windows\system32\drivers\o2mmb.sys (O2 Micro )
DRV - (MbxStby) -- C:\Windows\system32\drivers\MbxStby.sys (O2 Micro)
DRV - (bcm4sbxp) -- C:\Windows\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (SynTP) -- C:\Windows\system32\drivers\SynTP.sys (Synaptics, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://de.search.yahoo.com/ [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.gmx.net/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = go.gmx.net/tab2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 3B 84 5E F6 77 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.05 13:41:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.05 22:35:56 | 000,000,000 | ---D | M]

[2010.03.11 16:53:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\demo\Anwendungsdaten\Mozilla\Extensions
[2010.05.08 22:46:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\demo\Anwendungsdaten\Mozilla\Firefox\Profiles\e8ooan6e.default\extensions
[2010.03.11 17:26:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\demo\Anwendungsdaten\Mozilla\Firefox\Profiles\e8ooan6e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.11 16:53:10 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2007.10.16 10:49:08 | 000,004,188 | ---- | M]) - C:\Windows\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 bin.errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.systemdoctor.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winantispyware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.windrivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 dynamique.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 es.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winfixer.com ## added by CiD
O1 - Hosts: 46 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (GMX Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\system32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EOUApp] C:\Programme\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [zzzHPSETUP] D:\Setup.exe File not found
O4 - HKCU..\Run: [gotnewupdate000.exe] C:\Dokumente und Einstellungen\demo\Anwendungsdaten\651CB9580CA8C43E36E4CF3E12280F8E\gotnewupdate000.exe File not found
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Dokumente und Einstellungen\demo\Lokale Einstellungen\Temp\Ldx.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\demo\Startmenü\Programme\Autostart\Antimalware Doctor.lnk = C:\Dokumente und Einstellungen\demo\Anwendungsdaten\651CB9580CA8C43E36E4CF3E12280F8E\gotnewupdate000.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O9 - Extra Button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FDC847F8-DA70-4442-8072-FF883F34D14A} hxxp://toolbar.dasoertliche-marketing.de/toolbar/normal/download/DasOertlicheToolbar.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = logimex.local
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\demo\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\demo\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.12.22 12:12:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5e1f8ea0-4597-11dc-8dc2-000e35b959a8}\Shell - "" = AutoRun
O33 - MountPoints2\{5e1f8ea0-4597-11dc-8dc2-000e35b959a8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5e1f8ea0-4597-11dc-8dc2-000e35b959a8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.09 21:33:18 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\demo\Desktop\OTL.exe
[2010.05.08 22:39:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.05.08 19:15:03 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.05.08 19:15:00 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.08 19:13:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\demo\Desktop\Neuer Ordner
[2010.05.08 18:42:16 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\demo\Recent
[2010.05.08 09:36:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\demo\Anwendungsdaten\Malwarebytes
[2010.05.08 09:36:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.05.08 09:36:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.05.08 09:36:08 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.05.08 09:36:08 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.04 18:27:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\demo\Anwendungsdaten\651CB9580CA8C43E36E4CF3E12280F8E
[2010.05.04 09:39:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\demo\Desktop\fotos vom stick
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.09 21:14:50 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.09 21:13:25 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.05.09 21:13:04 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010.05.09 21:12:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.09 21:12:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.09 20:55:30 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\demo\Desktop\OTL.exe
[2010.05.09 12:00:00 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\tasks\AC823E4A9185B08A.job
[2010.05.08 23:13:14 | 007,077,888 | -H-- | M] () -- C:\Dokumente und Einstellungen\demo\NTUSER.DAT
[2010.05.08 23:12:54 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\demo\ntuser.ini
[2010.05.08 23:12:34 | 006,291,456 | -H-- | M] () -- C:\Dokumente und Einstellungen\demo\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.05.08 22:50:53 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.05.08 18:26:38 | 000,824,681 | ---- | M] () -- C:\Dokumente und Einstellungen\demo\Desktop\RSIT.exe
[2010.05.08 18:24:30 | 000,000,704 | ---- | M] () -- C:\Dokumente und Einstellungen\demo\Eigene Dateien\cc_20100508_182359.reg
[2010.05.08 18:23:43 | 000,039,226 | ---- | M] () -- C:\Dokumente und Einstellungen\demo\Eigene Dateien\cc_20100508_182325.reg
[2010.05.08 17:25:00 | 000,001,593 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
[2010.05.08 09:36:22 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.08 09:22:50 | 000,363,520 | ---- | M] () -- C:\Dokumente und Einstellungen\demo\Desktop\iExplore.exe
[2010.05.06 08:31:36 | 000,447,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.05.06 08:31:35 | 000,467,522 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.05.06 08:31:35 | 000,088,280 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.05.06 08:31:35 | 000,074,376 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.05.06 08:31:34 | 000,004,984 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.05.04 18:28:53 | 000,001,212 | ---- | M] () -- C:\Dokumente und Einstellungen\demo\Startmenü\Programme\Autostart\Antimalware Doctor.lnk
[2010.05.04 18:27:01 | 000,164,352 | ---- | M] () -- C:\WINDOWS\Lvufaa.exe
[2010.05.04 18:15:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.05.04 09:41:41 | 000,081,920 | ---- | M] () -- C:\Dokumente und Einstellungen\demo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.27 11:59:38 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.15 09:20:39 | 000,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010.04.13 18:51:42 | 000,007,604 | ---- | M] () -- C:\Dokumente und Einstellungen\demo\Desktop\cay.jpg
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.08 22:47:13 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010.05.08 19:03:05 | 000,824,681 | ---- | C] () -- C:\Dokumente und Einstellungen\demo\Desktop\RSIT.exe
[2010.05.08 18:24:01 | 000,000,704 | ---- | C] () -- C:\Dokumente und Einstellungen\demo\Eigene Dateien\cc_20100508_182359.reg
[2010.05.08 18:23:31 | 000,039,226 | ---- | C] () -- C:\Dokumente und Einstellungen\demo\Eigene Dateien\cc_20100508_182325.reg
[2010.05.08 18:18:46 | 000,363,520 | ---- | C] () -- C:\Dokumente und Einstellungen\demo\Desktop\iExplore.exe
[2010.05.08 09:36:22 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.04 19:37:40 | 000,001,593 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2010.05.04 18:28:53 | 000,001,212 | ---- | C] () -- C:\Dokumente und Einstellungen\demo\Startmenü\Programme\Autostart\Antimalware Doctor.lnk
[2010.05.04 18:27:26 | 000,164,352 | ---- | C] () -- C:\WINDOWS\Lvufaa.exe
[2010.05.04 18:27:16 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.04.13 18:51:41 | 000,007,604 | ---- | C] () -- C:\Dokumente und Einstellungen\demo\Desktop\cay.jpg
[2008.12.15 01:19:14 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2008.08.21 20:35:50 | 000,000,195 | ---- | C] () -- C:\WINDOWS\Pfview.INI
[2008.07.18 15:19:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2008.05.06 17:55:40 | 000,000,393 | ---- | C] () -- C:\WINDOWS\PrintForm.INI
[2008.04.26 21:32:36 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008.03.06 14:04:28 | 000,000,777 | ---- | C] () -- C:\WINDOWS\EditForm.INI
[2008.02.29 22:03:11 | 000,012,062 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTiCtwl.sys
[2007.06.14 16:55:41 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTDLG13N.INI
[2007.03.20 11:31:48 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2007.03.20 11:05:56 | 000,006,836 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2007.01.27 15:51:10 | 000,001,024 | ---- | C] () -- C:\WINDOWS\ppengine.ini
[2005.08.27 11:59:58 | 000,000,354 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2005.08.26 19:33:49 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005.07.28 13:19:45 | 000,195,072 | ---- | C] () -- C:\WINDOWS\System32\msodeGER.dll
[2005.07.11 22:39:58 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005.05.20 20:32:17 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005.03.16 13:14:11 | 000,000,774 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.02.09 09:22:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.02.09 09:22:39 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005.02.09 09:10:24 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005.02.09 09:10:16 | 000,001,110 | ---- | C] () -- C:\WINDOWS\System32\OemInfo.ini
[2005.02.09 09:07:11 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003.02.20 15:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000.04.14 17:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998.06.11 14:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[1997.09.04 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997.09.04 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997.09.04 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\VADE232.DLL
[1997.09.04 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\wmprfDEU.prx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\winhlp32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\unin0407.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\twain.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\zipfldr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xpsp2res.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xpsp1res.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xpob2res.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xolehlp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xmlprovi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wzcsapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wzcdlg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wupdmgr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WUDFx.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WudfPlatform.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WudfHost.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WUDFCoinstaller.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuauserv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuaueng1.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuauclt1.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wsnmp32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshtcpip.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshisn.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshirda.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshext.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wscsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wscript.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wpdshextres.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wpdshextautoplay.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wpd_ci.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wowexec.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVXENCD.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVSENCD.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVSDECD.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVENCOD.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmvdmoe2.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVADVD.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpshell.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpps.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpns.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmploc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmerror.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmdmps.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmdmlog.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMADMOE.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winspool.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winrnr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winoldap.mod:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winmine.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winlogon.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winipsec.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\win87em.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\win32spl.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wiavusd.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wiashext.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wiaservc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wiadefui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wiaacmgr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wfwnet.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\webclnt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wdmaud.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wdfmgr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\watchdog.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\w3ssl.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\w32time.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\w29NCPA.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vwipxspx.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vwipxspx.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vssvc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vssapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vmhelper.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VFP6RENU.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VFP6RDEU.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VFP6R.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vbsde.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\userinit.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\user.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usbmon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ups.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\upnphost.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\upnp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\uniplat.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unimdmat.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unimdm.tsp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unicode.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\umpnpmgr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ulib.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\txflog.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\twext.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tssoft32.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsccvid.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsappcmp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\trkwks.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tourstart.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\toolhelp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tlntsvr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\timer.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\timedate.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ticrf.rat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\themeui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\termsrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tcpmon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tcpmib.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\taskmgr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tapiui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tapisrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\system.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sysdm.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SynTPFcs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SynTPAPI.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SynCOM.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\svchost.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\subrange.uce:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\streamci.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\storprop.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stobject.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sti_ci.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sti.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stdole32.tlb:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stdole2.tlb:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ssdpsrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\srvsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\srsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\srrstr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\spoolsv.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\spoolss.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\spider.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sound.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sorttbls.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sortkey.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sol.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\softpub.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\snmpapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sndvol32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sndrec32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\smss.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\smlogsvc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\smlogcfg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\slbrccsp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\slbiop.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\slayerxp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sl_anet.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sigtab.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shmgrate.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shmedia.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shimgvw.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shiftjis.uce:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shgina.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shell.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shdoclc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sfcfiles.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sfc_os.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sfc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sethc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sessmgr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sens.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\seclogon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sdhcinst.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\schedsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sccsccp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\scarddlg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\runonce.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rtutils.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsvp.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rshx32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsaenh.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\remotesp.tsp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\remotepg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\regsvr32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\regsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\reg.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\redir.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rdshost.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rcimlby.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rastapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rassapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasppp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasman.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\QuickTimeVR.qtx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\QuickTimeMusicalInstruments.qtx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\QuickTime.qts:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\qmgrprxy.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\qmgr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\qedit.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\qdvd.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS
__________________


Alt 09.05.2010, 20:58   #3
Alfadas
 
Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! - Standard

Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden!



Post 2
\System32\qcap.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\qasf.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pstorsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pstorec.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\psbase.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\psapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\progman.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\powercfg.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PortableDeviceWMDRM.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PortableDeviceWiaCompat.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PortableDeviceClassExtension.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pnrpnsp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pjlmon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ping.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pifmgr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pidgen.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\perfproc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PCDLIB32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\packager.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olesvr32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olepro32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oledlg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olecnv32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olecli32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oleaccrc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ole32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.sig:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.bin:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\odbcjt32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\odbcji32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\odbcint.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\odbccp32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\odbcbcp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nwwks.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nwc.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nwapi16.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nw16.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nusrmgr.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntvdmd.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntvdm.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntshrui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntsdexts.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntmsmgr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntmsapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntmarta.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntlsapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntio.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntdos.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nscompat.tlb:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\notepad.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netware.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netsetup.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netplwiz.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netmsg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netman.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netlogon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netid.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netevent.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netdde.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ndptsp.tsp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ncpa.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mydocs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mycomput.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml4r.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml3r.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml3a.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml2.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mswmdm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mstsc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mstlsapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mstask.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msscp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msprpde.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msprivs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msports.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mspmsp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mspmsnsv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mspatcha.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msnetobj.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msjava.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msisip.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msidntld.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msidle.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msident.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mshearts.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msh261.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msgsm32.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg723.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg711.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSFLXGRD.OCX:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msdxm.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msdtc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msdmo.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msdelta.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msdart.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSCTFP.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mscdexnt.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msawt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msadp32.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msacm32.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mprui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mpnotify.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MPG4DECD.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MPG4C32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mpg2splt.ax:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MP4SDECD.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MP43DECD.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mouse.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\moricons.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\modemui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mobsync.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mobsync.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mnmsrvc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmsystem.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmdrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmcshext.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmcndmgr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\midimap.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mgmtapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MFC71.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mfc42loc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mfc42.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mfc40u.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mfc40loc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mf3216.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MDT2FW95.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mdminst.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mciseq.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mciqtz32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mcicda.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mciavi32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mcd32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mapisvc.inf:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MAPISTUB.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MAPI.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\main.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lz32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LuResult.txt:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LTCLR13n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lsass.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lpk.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\logonui.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\logon.scr:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lodctr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\locator.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\localsec.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\locale.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\loadperf.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lmrt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lmhsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\licwmi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\licdll.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lfwmf13n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lftga13n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lfras13n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lfpsd13n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Lfpng13n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lfpdf13n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Lfpct13n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lfimg13n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lfeps13n.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\l3codecp.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\l_intl.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\krnl386.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\korean.uce:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kmddsp.tsp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\keyboard.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\keyboard.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kdcom.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdus.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdgr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kb16.com:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kanji_2.uce:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kanji_1.uce:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\jview.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\jit.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\jgpl400.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\jgdw400.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\jdbgmgr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\javasup.vxd:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\javaprxy.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\javaee.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iuengine.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\itss.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\itircl.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\irprops.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\irmon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ir50_32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ir41_qcx.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ir41_qc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ir41_32.ax:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ir32_32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ipxwan.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ipsink.ax:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ipsecsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iprop.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ipnathlp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ipconfig.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ipconf.tsp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\inetres.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\inetpp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\inetmib1.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\inetcfg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Indeo4.qtx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\imapi.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ImagXR7.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ImagXpr7.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ImagX7.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\imaadp32.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxtray.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxsrvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxress.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxres.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxpph.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxhk.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxext.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxexps.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxeud.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxdo.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxdiag.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxdgps.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxdev.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxcpl.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxcfg.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IE7Eula.rtf:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ideograf.uce:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\icmui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\icm32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\icfgnt5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iccvid.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmrnt5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmgicd.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmgdev.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmdnt5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmdev5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmdd5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iac25_32.ax:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hypertrm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hotplug.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hnetwiz.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hnetcfg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hlvdd.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hkcmd.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\himem.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hidphone.tsp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hid.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hhsetup.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hhctrl.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hdwwiz.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hal.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\h323.tsp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\grpconv.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\geo.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\gdiplus.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\gdi.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\gb2312.uce:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxstiff.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxst30.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxssvc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxsst.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxssend.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxsroute.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxsres.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxsmon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxsext32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxscover.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxsclntR.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ftsrch.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fsusd.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\freecell.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FLXGDDE.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fldrclnr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\firewall.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\filemgmt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\feclient.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\exts.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\extrac32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\expsrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\eventlog.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ersvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\els.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ega.cpi:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dxmasf.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dxdiagn.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dwwin.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dumprep.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dsuiext.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dssenh.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dsquery.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dskquota.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drwtsn32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drprov.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drmv2clt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drmclien.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\WSTCODEC.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\wmilib.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\w29n51.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\w22n51.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\volsnap.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\videoprt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\vga.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\usbuhci.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\USBSTOR.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\usbport.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\usbhub.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\usbehci.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\usbd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\tdtcp.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\tdpipe.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\tdi.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\sysaudio.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\SynTP.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\swmidi.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\swenum.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\sr.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\SONYPVU1.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\serenum.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\s24trans.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\redbook.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\rdpdr.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\raspptp.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\rasacd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\pciidex.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\parvdm.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\partmgr.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\oprghdlr.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ohci1394.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\o2mmb.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nwrdr.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nwlnkspx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nwlnknb.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nwlnkipx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\netbt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\netbios.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mup.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mssmbios.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\MSPQM.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\MSPCLOCK.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\MSKSSRV.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\msgpc.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mountmgr.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mouhid.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mouclass.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mnmdd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\MbxStby.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\kbdclass.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\isapnp.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\irda.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ipfltdrv.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\intelppm.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ialmnt5.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\i8042prt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\hidparse.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\hidclass.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\hardlock.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\gameenum.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\fs_rec.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dxgthk.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dxg.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dxapi.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\drmkaud.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\DMusic.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dmload.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dmio.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dmboot.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\CmBatt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\classpnp.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\Capt905c.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\bcm4sbxp.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\battc.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\audstub.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\atapi.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ALCXWDM.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ALCXSENS.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\aic78xx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\aic78u2.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\AGRSM.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\AegisP.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\adpu160m.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\1394bus.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dpnhupnp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dpnet.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dplayx.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dpcdll.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dosx.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dmutil.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dmserver.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dmocx.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dmdskres.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dmdskmgr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dmadmin.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllhost.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\winsrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\wiaservc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\wdmaud.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\user32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\upnphost.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\update.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\sxs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\splitter.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\shsvcs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\riched20.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\rdbss.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\rasmans.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\rasadhlp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\oledlg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\nwwks.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\nwrdr.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\nwprovau.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\nwapi32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\ntfs.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\msjro.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\msftedit.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\msadox.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\msadomd.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\msado15.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\mfc42u.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\mfc40u.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\mf3216.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\kmixer.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\jgpl400.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\jgdw400.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\iphlpapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\hlink.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\fltmgr.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\fltmc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\fltlib.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\explorer.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\dxmasf.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\dhcpcsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\comctl32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\ciodm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\apphelp.sdb:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\apph_sp.sdb:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\agentsvr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\agentdpv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\agentdp2.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dispex.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dinput.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dfrgsnap.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\devmgr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\devmgmt.msc:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\devenum.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\deskmon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\deskadp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\defrag.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ddrawex.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dbgeng.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\davclnt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\datime.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\danim.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\d3drm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\d3dim700.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\d3dim.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\d3d9.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\d3d8thk.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\d3d8.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ctype.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ctfmon.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\csrss.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cscui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cryptsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cryptext.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cryptdll.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\crtdll.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\credui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\country.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\control.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CONFIG.NT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comuid.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comsvcs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comrepl.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\compmgmt.msc:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\compatUI.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\commdlg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\command.com:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comm.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comdlg32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comcat.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cnbjmon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cmd.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\clspack.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\clipsrv.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\clbcatq.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\clbcatex.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\clb.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cisvc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ciodm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\charmap.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\certcli.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cdosys.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cdfview.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\catsrvut.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\catsrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_950.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_949.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_936.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_932.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_874.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28605.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28599.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28592.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28591.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1258.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1257.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1256.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1255.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1254.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1253.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1251.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1250.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\bthprops.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\bthci.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\browsewm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\browser.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\browselc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\bopomofo.uce:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\basesrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\AUTOEXEC.NT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\autochk.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\audiosrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\atmfd.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\asycfilt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\appwiz.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\amcompat.tlb:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ALSNDMGR.CPL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\alg.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\adsnt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\adsldpc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\adptif.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\actxprxy.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\activeds.tlb:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\acctres.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\crlds3d.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\regedit.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\hh.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\demo000.acl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\demo.acl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\AGRSMMSG.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\_default.pif:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Programme\Intel\Wireless\Bin\EOUWiz.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\demo\Startmenü\Programme\Autostart\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\demo\RefEdit.exd:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\demo\Installer.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\demo\Eigene Dateien\Alte Excel-Dokumente.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\demo\Anwendungsdaten\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\All Users\Desktop\Allplan 2004.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WLAN_Generic_SW_2200BG_2915ABG_3945ABG_V10.1.0.3_TIC_107948.zip:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Zapotek.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WORDPAD.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WMSysPr9.prx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\winnt256.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\winnt.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\winhelp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vmmreg32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vbaddin.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vb.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\unvise32qt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Thumbs.db:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\tasks\AC823E4A9185B08A.job:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\TASKMAN.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\zonedon.reg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\zonedoff.reg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xmlprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xenroll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xcopy.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xactsrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wstrenderer.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wstpager.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wstdecod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WshRm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshom.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshnetbs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wship6.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshcon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshbth.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshatm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wsecedit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wscui.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wscntfy.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\write.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpnpinst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdtrace.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdmtpus.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdmtpdr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdmtp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdconns.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpabaln.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowfaxui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowfax.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowdeb.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvds32.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvdmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMVADVE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmv8ds32.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMSUI32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmstream.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WMSPDMOE.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmsdmoe2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmsdmoe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmsdmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpsrcwp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpencen.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpcore.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpcd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpasf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmp.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmiscmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmiprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmimgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmidx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmerrDEU.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmdrmnet.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmdrmdev.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wjview.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winver.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winstrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINSSPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winshfhc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winntbbu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winnls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmsd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhlp32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhelp.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winfax.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winchat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winbrand.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wifeman.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiavideo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiasf.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiascr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiadss.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wextract.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webvw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webhits.dll:KAVICHS
__________________

Alt 09.05.2010, 21:09   #4
Alfadas
 
Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! - Standard

Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden!



@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webfldrs.msi:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdl.trm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdfapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.sve:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.sve:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wavemsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\W95FIBER.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w32topl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w32tm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w22NCPA.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\W22MLRes.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssadmin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vss_ps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VSFLEX3.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vjoy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga64k.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga256.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vfpodbc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VFP6RUN.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\verifier.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\verifier.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ver.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VEN2232.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vdmredir.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vcdex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vbisurf.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vbicodec.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAME.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEND32.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEN32.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBADE32.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VADE232.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\v7vga.rom:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uwdf.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrvpa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrvoica.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrv80a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrv42a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrsvpia.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrshuta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrsdpia.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrrtosa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrprbda.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrmlnka.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrlogon.cmd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrlbva.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrfaxa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrdtea.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrdpa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrcoina.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrcntra.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usbui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USASCII.TRN:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ureg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnpui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\upnpcont.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\UNWISE.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\UNWISE.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\untfs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unlodctr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umdmxfrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ufat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\udhisapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\typeperf.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\typelib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TwnLib4.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TwnLib20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsshutdn.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tskill.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsdiscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsddd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsd32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tscupgrd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tscfgwmi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tree.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tracert6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tracert.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tracerpt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tlntsvrp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tlntadmn.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tftp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\termmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\termcap:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\telephon.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcpsvcs.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcpmonui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcpmon.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcmsetup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\taskman.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tasklist.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\taskkill.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapiperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi3.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\systray.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\systeminfo.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSTEM1X.MDW:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\system.mdw:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysprtj.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysprint.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysocmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysmon.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\syskey.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysinv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysedit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SynTPCoI.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\syncui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SynCtrl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\synceng.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\syncapp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\swprv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SWEDISH.TRN:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svcpack.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\subst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\storage.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\stimon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\stclient.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sstext3d.scr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssstars.scr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sspipes.scr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssmyst.scr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssmypics.scr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssmarque.scr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssflwbox.scr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ssbezier.scr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ss3dfo.scr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlwoa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlwid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlunirl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlsrv32.rll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlsrv32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlsodbc.chm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spxcoins.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sprio800.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sprio600.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sprestrt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spnpinst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spnike.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spiisupd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sort.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\snmpsnap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SMSUnins.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\smbinst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\slbcsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\skeys.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\skdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sisbkup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\simpdata.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sigverif.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shutdown.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shscrap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shrpubw.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\share.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shadow.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfmapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setver.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setup.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\serwvdrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\services.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\servdeps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\serialui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\senscfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sendmail.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sendcmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SELFREG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secupd.sig:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secupd.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secpol.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secedit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sdpblb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sdbinst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scrrun.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scrrnde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scrobj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scrnsave.scr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scriptpw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scredir.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SCP32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scode.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sclgntfy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\schtasks.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sccbase.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scardssp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SCANPST.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sbeio.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sbe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\savedump.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\safrslv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\safrdm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\safrcdlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\s24NCfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\runas.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RTLCPL.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RTLCPAPI.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtipxmib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtcshare.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpcnts.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvp.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsopprov.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsnotify.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsmui.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsmsink.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsmps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsh.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsfsaps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaci.rat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcns4.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\routetab.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\routemon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\route.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rnr20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rexec.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\results.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\reset.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\replace.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rend.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\relog.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regwizc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regwiz.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regini.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regedt32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\REFEDIT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\recover.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdsaddin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdpwsx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdpsnd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdpdd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdpclip.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdpcfgex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RDOCURS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdchost.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rcp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasser.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasrad.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasphone.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmxs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasdial.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrs.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrnm.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasautou.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasauto.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\racpldlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\QuickTime.qtp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\QuickTime.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qtplugin.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qprocess.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qosname.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qedwipes.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qdv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qappsrv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pubprn.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PUBDLG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psnppagn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pscript.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdprf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdcnt.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\proxycfg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\proquota.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prodspec.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\proctexe.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prnqctl.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prnport.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prnmngr.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prnjobs.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prndrvr.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prncnfg.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\print.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prflbmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\powercfg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\polstore.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pmspl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\plustab.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ping6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PICSTORE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\picn20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\photowiz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfwci.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfwci.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfts.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfos.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfnw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfnet.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfmon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfi009.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfi007.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perffilt.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perffilt.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfdisk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfd009.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfd007.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfci.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfci.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pentnt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pcl.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pathping.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\paqsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\panmap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pagefileconfig.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\p2psvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\p2pnetsh.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\p2pgraph.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\p2pgasvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\p2p.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OUTLCOMM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\osuninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\osuninst.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\openfiles.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olesvr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oleprn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLEMSG32.REG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLEMSG32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OLEMSG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olecli.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2nls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2disp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\offfilt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oemdspif.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odtext32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odpdx32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odfox32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odexl32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oddbse32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbctrac.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ODBCSTF.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcp32r.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ODBCKEY.INF:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ODBCJTNW.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ODBCJTNW.CNT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ODBCJET.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ODBCJET.CNT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ODBCINST.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ODBCINST.CNT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbccu32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbccr32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbccp32.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcconf.rsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcconf.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcconf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcad32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc32gt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc16gt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\objsel.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nwscript.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nwevent.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nwcfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntsd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntprint.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmssvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsoprq.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsmgr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsevt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsdba.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanui2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio804.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio412.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio411.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio404.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntimage.gif:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsbcli.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos804.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos412.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos411.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos404.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntbackup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nslookup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NSERROR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NSCMPS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\npptools.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NORWEG.TRN:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.tha:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.sve:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.eng:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.cht:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.chs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nmmkcert.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nmevtmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nlsfunc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nlhtml.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netstat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netsh.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netsetup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\neth.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netfxperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\net1.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\net.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\net.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NeroCheck.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nddenb32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nddeapir.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncxpnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nbtstat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\narrhook.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxlegih.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxdm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxmlr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml2r.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSXBSE35.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msw3prt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvideo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvidctl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp50.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvbvm50.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mstinit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSTEXT35.reg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mstext35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msswchx.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msswch.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSTKPRP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSTDFMT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mssip32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mssetup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msscript.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msscds32.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mssap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRTEDIT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrpfs35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrecr40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDO20.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrclr40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msratelc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msr2cenu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msr2c.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSPST32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mspdox35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSOTHUNK.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msorcl32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msorc32r.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msodeGER.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msobjs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msnsspc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msltus35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mslbui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msjt4jlt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msjdbc10.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSIMUSIC.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSIMRT32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSIMRT16.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSIMRT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msieftp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSFS32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSForms.TWD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msexcl35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msencode.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdxmlc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdatsrc.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdadiag.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mscpxl32.dLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mscpx32r.dLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msconf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCALDEU.TLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCAL.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCAL.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCAL.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCAL.CNT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaudite.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msapsspc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msafd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msadds32.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaatext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mrinfo.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqprfsym.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqperf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqoa20.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqoa10.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqoa.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqlogmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqgentr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqcertui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprdim.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprddm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mplay32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpg4ds32.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MPG4DMOD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpeg2data.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MP4SDMOD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MP43DMOD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mountvol.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\more.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\modex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mode.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mnmdd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmutilse.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmtask.tsk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmfutil.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmdriver.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_qic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_mtf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_hp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mlang.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ML3XEC16.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Misc2.srg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\misc.srg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mimefilt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\migpwd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\miglibnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mib.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFCANS32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71u.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71KOR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71JPN.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71ITA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71ESP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71ENU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71DEU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71CHT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71CHS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC42DEU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mem.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdwmdmsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdhcp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciwave.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciwave.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciseq.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciole32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciole16.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciavi.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mchgrcoi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mcdsrv32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mcastmib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\maxdiag.cmd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPISRVR.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPISP32.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mapi32x.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\makecab.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mag_hook.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lzexpand.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lusrmgr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lprmonui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lprhelp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lpr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lpq.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\logoff.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\logman.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\login.cmd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\loghours.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\localui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\loadfix.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lnkstub.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lights.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LAPRXY.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lanman.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\langwrbk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\label.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l_except.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\keymgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KEYEX32.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\key01.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kd1394.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdycl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdycc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbduzb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdur.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdukx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbduk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtuq.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtuf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsmsno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsmsfi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsl1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdru1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdru.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdro.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpl1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdno1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdnec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdne.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmlt48.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmlt47.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmaori.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmac.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlv1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlt1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdla.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkyr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkaz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdit142.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdir.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdinmal.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdinben.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdinbe1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhu1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhept.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhela3.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhela2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe319.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe220.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgr1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgkl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgae.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfi1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdest.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdes.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbddv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcan.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdca.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdblr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbene.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdazel.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdaze.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDAL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.5.0_07-b03.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\joy.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jobexec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgsh400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgsd400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgmd400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgaw400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JETSQL35.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JETSQL35.CNT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JETERR35.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JETERR35.CNT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JETDEF35.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JETCOMP.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jet500.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Jet35sp3.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javart.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javacypt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ixsso.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ivfsrc.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\isrdbg32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ISO88591.TRN:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\isign32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\irftp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\irclass.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ir50_qcx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ir50_qc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxsap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxrtmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxroute.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxrip.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxpromn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipv6mon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipv6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipsmsnap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipsecsnp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipsec6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iprtrmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iprtprio.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ippromon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iologmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\intl.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\instcat.sql:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Installer.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\input.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\initpki.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\infosoft.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetppui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetcplc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\INETAB32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imeshare.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ImagXRA7.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ImagXpr5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imagx5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imagr5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ImageDrive.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ils.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iissuba.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igmpagnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxzoom.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrtrk.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrtha.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrsve.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrrus.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrptg.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrptb.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrplk.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrnor.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrnld.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrkor.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrjpn.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrita.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrhun.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrheb.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfrc.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfra.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfin.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxresp.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrenu.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxreng.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrell.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrdeu.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrdan.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrcsy.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrcht.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrchs.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrarb.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrara.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhtrk.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhtha.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhsve.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhrus.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhptg.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhptb.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhplk.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhnor.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhnld.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhkor.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhjpn.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhita.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhhun.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhheb.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhfrc.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhfra.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhfin.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhesp.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhenu.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxheng.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhell.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhdeu.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhdan.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhcsy.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhcht.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhchs.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxharb.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhara.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ifsutil.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ifmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iexpress.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\idq.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icwphbk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icwdial.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassvcs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassdo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassam.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasrecst.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasrad.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iaspolcy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasnap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iashlpr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasads.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasacct.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmrem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iAlmCoIn_v3889.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\htui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hticons.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hostname.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\homepage.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hlp95en.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HLINKPRX.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hlink.srg:KAVICHS

Alt 09.05.2010, 21:09   #5
Alfadas
 
Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! - Standard

Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden!



@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hlduinst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HLDRV.LOG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hinstd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\help.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hccoin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\h323msp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GWFSPidGen.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.pro:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graftabl.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpupdate.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gptext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpresult.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpkrsrc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpkcsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpedit.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpedit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\glmf32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\getmac.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gcdef.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GAPI32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\g711codc.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsxp32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxswzrd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsperf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsdrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscount.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscomex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscom.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsclnt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscfgwz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fwcfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ftp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsutil.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsquirt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\framebuf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FOXUSER.FPT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FOXUSER.DBF:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\format.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\forcedos.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fontview.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fontext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fmifs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fixmapi.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\finger.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\findstr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\find.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fdeploy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fastopen.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\expand.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\exe2bin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventvwr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventvwr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventtriggers.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventquery.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventcreate.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventcls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eula.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eudcedit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ETEXCH32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentutl.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.hxx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent97.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EqnClass.Dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\encdec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\encapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EMSUIX32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EMSUI32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EMSMDB32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EMSABP32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\emptyregdb.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\efsadu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edlin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edit.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edit.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dxdiag.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dx8vb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dx7vb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dx3j.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dvdupgrd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dvdplay.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dswave.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssec.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsprpres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsound3d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsound.vxd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dskquoui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsdmoprp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsdmo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsauth.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ds32gt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ds16gt.dLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drwatson.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRVSSRVR.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drmstor.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ws2ifsl.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wpdusb.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vdmindvd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbintel.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbcamd2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbcamd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tunmp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tsbvcap.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tosdvd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tape.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sonydcam.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\smclib.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sffp_sd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sffdisk.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sdbus.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\scsiport.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rootmdm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\riodrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rio8drv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rawwan.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\processr.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\p3.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nmnt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nikedrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mf.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mcd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\imagesrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\imagedrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\gmreadme.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\gm.dls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fsvga.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\enum1394.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\diskdump.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\crusoe.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cpqdap01.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cinemst2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cbidf2k.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\Camd905c.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\bridge.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmuni.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmlane.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmepvc.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\amdk7.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\amdk6.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\driverquery.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpwsockx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpwsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpvvox.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpvsetup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpvoice.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpvacm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpserial.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnwsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnsvr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnlobby.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnhpast.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnaddr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpmodemx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dplaysvr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dplay.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\doskey.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\docprop2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\docprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DOCOBJ.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmview.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmusic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmsynth.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmstyle.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmscript.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmremote.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmloader.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmintf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmime.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmdlgs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmconfig.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmcompos.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmband.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllhst3g.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wuaueng1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wuauclt1.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wstcodec.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmvdmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmsdmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmpui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmpshell.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmploc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmplayer.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmpcore.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmpcd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmpasf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmp.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmerror.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmdmps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmdmlog.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\WMADMOE.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\WMADMOD.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\WgaTray.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\WgaLogon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wabimp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wab32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\viaide.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\usbstor.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\unregmp2.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\streamip.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sonypvu1.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\slip.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\setup_wm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\qasf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pciidex.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ndisip.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nabtsfec.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mswmdm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msscp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mspmsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mpvis.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mouhid.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhid.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hidusb.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hidserv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hhctrl.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxstiff.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxst30.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxssvc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxsst.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxsroute.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxsres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxsperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxsmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxsext32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxsevent.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxscover.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\directdb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cewmdm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\atapi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskperf.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskpart.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskcopy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskcopy.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskcomp.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dinput8.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dimap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\digest.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diantz.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diactfrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dgsetup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dgrpsetu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dgnet.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dfsshlex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dfrgui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dfrgfat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dfrg.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\debug.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ddeshare.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ddeml.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dcomcnfg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Dcache.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dbnmpntw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dbnetlib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dbmsrpcn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\daxctle.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dataclen.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dxof.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dramp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dpmesh.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ctl3d32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csseqchk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscript.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\convert.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONVDSN.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\console.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\conime.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\confmsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONFIG.TMP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comsnap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compobj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compact.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMMTB32.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMMTB32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comaddin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnvfat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CNFNOT32.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnetcfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmutil.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmstp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmsetACL.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmprops.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmpbk32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmos.ram:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmmon32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmmgr32.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmdlib.wsc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmdl32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmdial32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmcfg32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CMC.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clipbrd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cliconfg.rll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cliconfg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cliconfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cliconf.chm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cleanup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cleanmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ckcnv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cipher.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cidaemon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ciadv.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ciadmin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chkntfs.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chkdsk.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chcp.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Channels anzeigen.scf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cfgbkend.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cewmdm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\certmgr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\certmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cdmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ccfgnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\catsrvps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\capesnpn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\camocx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\calc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cacls.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_875.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_869.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_866.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_865.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_863.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_861.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_860.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_857.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_855.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_852.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_850.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_775.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_737.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_500.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_437.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28603.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28598.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28597.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28595.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28594.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28593.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_21866.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20905.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20866.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20261.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20127.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1252.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1026.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10082.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10081.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10079.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10029.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10017.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10010.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10007.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10006.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_10000.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_037.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\btpanui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bthserv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootvrfy.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootok.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootcfg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\blastcln.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bitsprx3.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bitsprx2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bios4.rom:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bios1.rom:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bidispl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avwav.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avtapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avmeter.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avifile.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avicap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autolfn.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autofmt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autodisc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autoconv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\auditusr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Audio3D.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\attrib.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atrace.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atmpvcno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atmadm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl71.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atkctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ATHPRXY.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\at.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asr_pfu.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asr_ldm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asr_fmt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asferror.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asctrls.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\arp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\APPXEC32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\appmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\appmgmts.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\append.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apcups.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ansi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\amstream.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ALSNDMGR.WAV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alrsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ahui.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsnw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsnds.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsmsext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\actmovie.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acledit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acelpdec.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\accwiz.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ACCWIZ.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\access.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\aaaamon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\a3d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\12520850.cpx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\12520437.cpx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\$ncsp$.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WMSUI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WINSPOOL.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WFWNET.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VGA.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VER.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VB4DE16.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VB40016.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VAEN21.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VADE2.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TIMER.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\THREED16.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SYSTEM.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\stdole.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SOUND.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SHELL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\setup.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\RICHED.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLESVR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLECLI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OC25DEU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OC25.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MSVIDEO.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MSRICHED.VBX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MOUSE.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MMTASK.TSK:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MMSYSTEM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MLCTRL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIWAVE.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCISEQ.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIAVI.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MAPIX.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MAPIU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MAPIFVBX.TLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MAPIFORM.VBX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\LZEXPAND.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\KEYBOARD.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\EFDOCX.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\CTL3DV2.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\COMMDLG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\COMDLG16.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVIFILE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVICAP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\system.mdw:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SOUNDMAN.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\smscfg.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setdebug.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Seifenblase.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Santa Fe-Stuck.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Rhododendron.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\RESULT.QTW:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\REGLOCS.OLD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Präriewind.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ppengine.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\PI.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\orun32.isu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\orun32.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBCINST.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBC.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\NOTEPAD.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\msdfmap.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\LTDLG13N.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\LETTER.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\LETTER.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Kaffeetasse.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\jautoexp.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Granit.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Feder.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Fächer.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\explorer.scf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\clock.avi:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Blaue Spitzen 16.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Angler.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\agrsmdel.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Thumbs.db:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\setup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\pop.1und1.com.iaf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\metafile2.emf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Logimex-WLAN.p10:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Gigaset_WLAN_Repeater_108_V0_12.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\ffastun0.ffx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\ffastun.ffo:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\ffastun.ffl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\ffastun.ffa:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Eidesstattliche Versicherung.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\demo\Eigene Dateien\Thumbs.db:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\NTUSER.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\NTUSER.DAT.LOG:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\WindowsUpdate.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\win.ini:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WudfSvc.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WPDShServiceObj.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WpdShext.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\wpa.dbl:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\WMVDECOD.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\wmpmde.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\wmdrmsdk.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\winsrv.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\verclsid.exe:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\user32.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\TZLog.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\sxs.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\shsvcs.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\shdocvw.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\rasmans.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\rasadhlp.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\PortableDeviceTypes.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\PortableDeviceApi.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\nwprovau.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\msi.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\MFPLAT.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\iphlpapi.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\hidserv.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\fltmc.exe:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\fltlib.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drmupgds.exe:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\WudfRd.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\system32\DRIVERS\WudfPf.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\wdmaud.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\update.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\StreamIP.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\splitter.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\SLIP.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\rdbss.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\ntfs.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\NdisIP.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\NABTSFEC.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\MSTEE.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\kmixer.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\kbdhid.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\system32\DRIVERS\fltMgr.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\CCDECODE.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\drivers\aec.sys:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dllcache\shdocvw.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dllcache\iedw.exe:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dllcache\browseui.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\dhcpcsvc.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\comctl32.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\browseui.dll:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\system.ini:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\SchedLgU.Txt:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\NeroDigital.ini:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\hpbafd.ini:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\explorer.exe:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\bootstat.dat:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\Programme\Windows Media Player\WMPNetwk.exe:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\Dokumente und Einstellungen\demo\ntuser.ini:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\Dokumente und Einstellungen\demo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\Dokumente und Einstellungen\demo\Eigene Dateien\desktop.ini:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\wiaservc.log:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\wtsapi32.dll:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\System32\shfolder.dll:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\rundll32.exe:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\riched32.dll:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\FNTCACHE.DAT:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\srclient.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\setupapi.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\riched20.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\regapi.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\powrprof.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\OemInfo.ini:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\msvcrt20.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MSIMTF.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\msimg32.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ltkrn13n.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ltimg13n.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ltefx13n.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\ltdlg13n.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\LTDIS13n.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\udfs.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\modem.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\fastfat.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\drivers\cdfs.sys:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\clusapi.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\cfgmgr32.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\cabinet.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\apphelp.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\twain_32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\wzcsvc.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\wsock32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\wshde.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ws2help.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ws2_32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\wow32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\wmi.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\WMADMOD.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\wlnotify.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\wldap32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\winsta.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\winscard.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\winmm.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\WgaTray.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\WgaLogon.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\w29mlres.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\version.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\vdmdbg.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\uxtheme.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\utildll.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\usp10.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\userenv.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\traffic.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\tapi32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\syssetup.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ssdpapi.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\shimeng.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\shellstyle.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\sensapi.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\security.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\scesrv.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\scecli.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\scardsvr.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\samsrv.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\samlib.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\resutils.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\rcbdyctl.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\rasdlg.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\rasapi32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\QuickTimeCheck.ocx:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\profmap.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\printui.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\pautoenr.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\opengl32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\olethk32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\oleacc.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\odbc32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ocmanage.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\nwapi32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ntlanman.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ntdsapi.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\newdev.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\netui2.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\netui1.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\netui0.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\netshell.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\netrap.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\netcfgx.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\nddeapi.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ncobjapi.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msvfw32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msvcrt40.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msvcrt.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msvcr71.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msvcp71.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msvcp60.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msvcirt.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msutb.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mssign32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msoert2.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msoeacct.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msimsg.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msihnd.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msiexec.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msgina.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msftedit.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mscat32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msacm32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mprapi.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mpr.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mmsys.cpl:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mmcbase.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mlang.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mfcsubs.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mfc42u.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mapi32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ltfil13n.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\linkinfo.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\lftif13n.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\lfpcx13n.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\lfpcd13n.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\lflmb13n.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\lfjbg13n.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\lffpx13n.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\lffax13n.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\LFCMP13n.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\lfbmp13n.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\LegitCheckControl.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\jsde.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\imm32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\imagehlp.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\icmp.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\icaapi.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\hlink.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\hccutils.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\glu32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\getuname.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\fxsevent.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\fxsapi.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\faultrep.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\esent.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\duser.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\dsound.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\wanarp.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\system32\DRIVERS\viaide.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\termdd.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\sfloppy.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\serial.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\rdpwd.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\rdpcdd.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\raspti.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\raspppoe.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\rasl2tp.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\rasirda.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\ptilink.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\psched.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\system32\DRIVERS\pcmcia.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\system32\DRIVERS\pciide.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\system32\DRIVERS\pci.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\parport.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\nwlnkfwd.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\nwlnkflt.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\null.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\nscirda.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\npfs.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\nic1394.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\ndproxy.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\ndiswan.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\ndisuio.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\ndistapi.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\ndis.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\msfs.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\irenum.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\ipsec.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\ipnat.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\ipinip.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\ip6fw.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\system32\DRIVERS\intelide.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\imapi.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\hidusb.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\system32\DRIVERS\ftdisk.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\flpydisk.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\fips.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\fdc.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\system32\DRIVERS\disk.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\system32\DRIVERS\compbatt.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\cdrom.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\cdaudio.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\beep.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\atmarpc.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\asyncmac.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\arp1394.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\system32\DRIVERS\ACPIEC.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\system32\DRIVERS\ACPI.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\dfrgres.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\dfrgntfs.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\desk.cpl:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ddraw.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\dciman32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\dbghelp.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\cscdll.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\cryptui.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\cryptnet.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\crypt32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\cr2c70de.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\comres.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\compstui.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\colbact.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\cards.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\bootvid.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\blackbox.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\batt.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\batmeter.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\avicap32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\authz.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\audiodev.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\atmlib.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\activeds.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\aclui.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Dokumente und Einstellungen\demo\Desktop\Allmenu 2004.lnk:KAVICHS
< End of report >


Alt 09.05.2010, 21:30   #6
Alfadas
 
Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! - Standard

Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden!



Habe den Logfile Extras übersehen wenn das wichtig ist poste ich es anbei mit.
Vielen Dank für die tolle Hilfim voraus ihr macht einen tollen Job!!! )


OTL Extras logfile created on: 09.05.2010 21:37:08 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\demo\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

494,00 Mb Total Physical Memory | 213,00 Mb Available Physical Memory | 43,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,93 Gb Total Space | 30,90 Gb Free Space | 55,25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAXDATA-9C58E35
Current User Name: demo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.scr [@ = scrfile] -- "%1" /S %*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"9232:TCP" = 9232:TCP:*:Enabled:Services
"9233:TCP" = 9233:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNetisabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNetisabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"9232:TCP" = 9232:TCP:*:Enabled:Services
"9233:TCP" = 9233:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe" = C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe:*isabled:Kaspersky Anti-Virus Service -- File not found
"C:\Programme\BearShare\BearShare.exe" = C:\Programme\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found
"C:\Programme\MSN Messenger\msncall.exe" = C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe" = C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe:*:Enabled:ClipInc. Player -- File not found
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\MSN Messenger\msncall.exe" = C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Programme\Winamp Remote\bin\Orb.exe" = C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Programme\Winamp Remote\bin\OrbTray.exe" = C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1C04D433-2EDF-4AFB-B31B-C0B13065092F}" = MagicTune3.6_Client_pivot
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{2C091730-3788-4F16-A032-433AC9931375}" = Misc
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3871DA1E-D863-4548-8465-A2F55D4BFC95}" = UGuide
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{48ECA82D-8EDC-4873-A9FE-F3B1B4C07153}" = PrintForm 5.0
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6022B4FC-4698-4A62-B9FD-54809A9E06F8}" = MPM
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}" = HP Precisionscan Pro 3.1
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A250D351-A07F-4D5D-AB6C-693C69B9BFAF}" = Hercules Webcam
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C9F9BEAE-3963-41D3-B970-CA60C6A71179}" = HP Officejet K7100 Series Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D208F4A7-6B73-4C2A-8B1E-8756FCBA831E}" = Hercules WebCam Station
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FEF37D4E-4DD2-4F58-B491-6EC28C6506A7}" = Drivers
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Allplan 2004" = Nemetschek Allplan 2004
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Hardlock Device Driver" = Hardlock Device Driver
"HP Officejet K7100 Series" = HP Officejet K7100 Series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"lvdrivers_11.50" = Logitech QuickCam-Treiberpaket
"LXF" = LXF
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel(R) PROSet/Wireless Software
"QuickTime" = QuickTime
"Runtime" = Runtime
"Skype_is1" = Skype 3.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ToolBand.SkypeIEToolbarToolbar" = Skype add-on for IE
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08.05.2010 12:55:17 | Computer Name = MAXDATA-9C58E35 | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"
nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich
durch eine fehlerhafte Registrierung verursacht.

Error - 08.05.2010 12:56:35 | Computer Name = MAXDATA-9C58E35 | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte
keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne
ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. Die Registrierung
wird nicht durchgeführt.

Error - 08.05.2010 16:19:55 | Computer Name = MAXDATA-9C58E35 | Source = Userenv | ID = 1054
Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt
werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung
hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen.

Error - 08.05.2010 16:19:56 | Computer Name = MAXDATA-9C58E35 | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{7B849a69-220F-451E-B3FE-2CB811AF94AE}"
nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich
durch eine fehlerhafte Registrierung verursacht.

Error - 08.05.2010 16:19:56 | Computer Name = MAXDATA-9C58E35 | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"
nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich
durch eine fehlerhafte Registrierung verursacht.

Error - 08.05.2010 16:21:00 | Computer Name = MAXDATA-9C58E35 | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte
keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne
ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. Die Registrierung
wird nicht durchgeführt.

Error - 09.05.2010 05:13:29 | Computer Name = MAXDATA-9C58E35 | Source = Userenv | ID = 1054
Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt
werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung
hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen.

Error - 09.05.2010 05:14:31 | Computer Name = MAXDATA-9C58E35 | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte
keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne
ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. Die Registrierung
wird nicht durchgeführt.

Error - 09.05.2010 15:12:38 | Computer Name = MAXDATA-9C58E35 | Source = Userenv | ID = 1054
Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt
werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung
hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen.

Error - 09.05.2010 15:13:47 | Computer Name = MAXDATA-9C58E35 | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte
keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne
ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. Die Registrierung
wird nicht durchgeführt.

[ System Events ]
Error - 08.05.2010 16:30:14 | Computer Name = MAXDATA-9C58E35 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error - 08.05.2010 16:45:19 | Computer Name = MAXDATA-9C58E35 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 29 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error - 09.05.2010 05:13:28 | Computer Name = MAXDATA-9C58E35 | Source = NETLOGON | ID = 5719
Description = Es steht kein Domänencontroller für die Domäne LOGIMEX aus folgendem
Grund zur Verfügung: %%1311. Stellen Sie sicher, dass der Computer mit dem Netzwerk
verbunden ist, und versuchen Sie es erneut. Wenden Sie sich an den Domänenadministrator,
wenn das Problem weiterhin besteht.

Error - 09.05.2010 05:17:14 | Computer Name = MAXDATA-9C58E35 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error - 09.05.2010 05:17:18 | Computer Name = MAXDATA-9C58E35 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error - 09.05.2010 05:17:43 | Computer Name = MAXDATA-9C58E35 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error - 09.05.2010 05:32:47 | Computer Name = MAXDATA-9C58E35 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 29 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error - 09.05.2010 06:02:48 | Computer Name = MAXDATA-9C58E35 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 59 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error - 09.05.2010 15:12:34 | Computer Name = MAXDATA-9C58E35 | Source = NETLOGON | ID = 5719
Description = Es steht kein Domänencontroller für die Domäne **** aus folgendem
Grund zur Verfügung: %%1311. Stellen Sie sicher, dass der Computer mit dem Netzwerk
verbunden ist, und versuchen Sie es erneut. Wenden Sie sich an den Domänenadministrator,
wenn das Problem weiterhin besteht.

Error - 09.05.2010 15:15:21 | Computer Name = MAXDATA-9C58E35 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.


< End of report >

Alt 10.05.2010, 12:38   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! - Standard

Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden!



Halllo und

Malwarebytes' Anti-Malware 1.45
Datenbank Version: 3930


Malwarebytes war nicht aktuell. Bitte auf Version 1.46 updaten und manuell noch auf Datenbank Version 4085 bringen, dann bitte einen Vollscan machen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Wie man Programme richtig installiert

Backup mit DriveSnapshot

Das TB unterstützen

Alt 11.05.2010, 10:41   #8
Alfadas
 
Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! - Standard

Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden!



Danke vielmals für die Antwort und Hilfestellung!

Nach aktuallisierung und Vollscan von Malwarebytes.

Log im Anhang als .txt
Angehängte Dateien
Dateityp: txt mbam-log-2010-05-11 (11-30-31).txt (4,9 KB, 245x aufgerufen)

Alt 11.05.2010, 10:45   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! - Standard

Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden!



ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Wie man Programme richtig installiert

Backup mit DriveSnapshot

Das TB unterstützen

Alt 11.05.2010, 22:27   #10
Alfadas
 
Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! - Standard

Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden!



Ich habe Rkill zuvor gestart. Würde es Combofix daran hindern bzw. bei der Arbeit die Ergebnisse verfälschen/behindern?

Alt 12.05.2010, 01:20   #11
Alfadas
 
Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! - Standard

Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden!



Combofix Scan Logfile

ComboFix 10-05-10.05 - demo 11.05.2010 23:49:54.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.494.177 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\demo\Desktop\cofi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.
ADS - explorer.exe: deleted 228 bytes in 1 streams.
ADS - netcfgx.dll: deleted 100 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\demo\Anwendungsdaten\651CB9580CA8C43E36E4CF3E12280F8E
c:\dokumente und einstellungen\demo\Anwendungsdaten\651CB9580CA8C43E36E4CF3E12280F8E\enemies-names.txt
c:\dokumente und einstellungen\demo\Anwendungsdaten\651CB9580CA8C43E36E4CF3E12280F8E\lsrslt.ini
C:\Thumbs.db
c:\windows\pi.exe

.
original MBR restored successfully !
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS

((((((((((((((((((((((( Dateien erstellt von 2010-04-12 bis 2010-05-12 ))))))))))))))))))))))))))))))
.

2010-05-11 10:44 . 2007-08-10 18:44 33656 ----a-w- c:\windows\system32\sprecovr.exe
2010-05-11 10:38 . 2004-08-04 12:00 92672 ----a-w- c:\windows\system32\wbem\policman.dll
2010-05-11 10:37 . 2004-08-04 12:00 201216 ----a-w- c:\windows\system32\dllcache\migism.dll
2010-05-11 10:36 . 2004-08-04 12:00 34560 ----a-w- c:\windows\system32\mnmdd.dll
2010-05-11 10:35 . 2006-10-20 01:38 715776 ----a-w- c:\windows\system32\sxs.dll
2010-05-09 09:43 . 2010-05-09 09:43 -------- d-----r- c:\dokumente und einstellungen\LocalService\Favoriten
2010-05-09 09:43 . 2010-05-09 09:43 -------- d-sh--w- c:\dokumente und einstellungen\LocalService\IETldCache
2010-05-08 20:39 . 2010-05-08 20:47 -------- dc-h--w- c:\windows\ie8
2010-05-08 17:15 . 2010-05-08 21:03 -------- d-----w- c:\programme\trend micro
2010-05-08 17:15 . 2010-05-08 17:15 -------- d-----w- C:\rsit
2010-05-08 07:36 . 2010-05-08 07:36 -------- d-----w- c:\dokumente und einstellungen\demo\Anwendungsdaten\Malwarebytes
2010-05-08 07:36 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-08 07:36 . 2010-05-08 07:36 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-05-08 07:36 . 2010-05-10 20:06 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-05-08 07:36 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-05 09:42 . 2010-05-05 09:42 -------- d-----w- c:\dokumente und einstellungen\HelpAssistant\WINDOWS
2010-05-05 09:42 . 2010-05-05 09:42 -------- d-----w- c:\dokumente und einstellungen\HelpAssistant\UserData
2010-05-05 09:30 . 2010-05-05 09:41 -------- d--h--w- c:\dokumente und einstellungen\HelpAssistant\Lokale Einstellungen
2010-05-05 09:29 . 2010-05-06 06:30 -------- d-----w- c:\dokumente und einstellungen\HelpAssistant
2010-05-04 16:27 . 2010-05-04 16:27 164352 ----a-w- c:\windows\Lvufaa.exe

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-11 21:01 . 2006-03-27 21:18 -------- d-----w- c:\programme\CCleaner
2010-05-11 19:57 . 2005-02-09 07:07 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-06 06:31 . 2005-02-09 07:08 88280 ----a-w- c:\windows\system32\perfc007.dat
2010-05-06 06:31 . 2005-02-09 07:08 467522 ----a-w- c:\windows\system32\perfh007.dat
2010-05-04 16:15 . 2008-12-27 20:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-29 20:34 . 2007-02-02 22:55 -------- d-----w- c:\dokumente und einstellungen\demo\Anwendungsdaten\Skype
2010-03-24 07:43 . 2010-03-24 07:43 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\McAfee
2010-03-10 06:15 . 2005-02-09 07:08 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:15 . 2005-02-09 07:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 12:31 . 2010-05-11 10:35 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:30 . 2010-05-11 10:35 2060672 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:30 . 2010-05-11 10:35 2183680 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-12 10:03 . 2010-03-07 14:48 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:45 . 2010-05-11 10:37 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2010-05-11 10:35 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-08-11 67584]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 88363]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2003-04-19 110592]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2003-04-19 610304]
"IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"EOUApp"="c:\programme\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 569413]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Acrobat Assistant.lnk - c:\programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2008-7-18 49254]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"9232:TCP"= 9232:TCP:Services
"9233:TCP"= 9233:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programme\Avira\AntiVir Desktop\sched.exe [08.12.2009 13:02 108289]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [09.02.2005 09:10 190804]
S0 eakkhb;eakkhb;c:\windows\system32\drivers\gddj.sys --> c:\windows\system32\drivers\gddj.sys [?]
S3 ids00026;ids00026;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [?]
S3 ids0005c;ids0005c;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys [?]
S3 ids00118;ids00118;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys [?]
S3 ids0014f;ids0014f;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys [?]
S3 ids0015d;ids0015d;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Anti-Virus Personal\5.0\bases\ids0015d.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Anti-Virus Personal\5.0\bases\ids0015d.sys [?]
S3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [09.02.2005 09:10 5817]
S3 ovt530;Webcam Classic;c:\windows\system32\drivers\ov530vid.sys [31.01.2010 23:07 161792]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - SYMTDI
*Deregistered* - SYMTDI
.
Inhalt des "geplante Tasks" Ordners

2010-05-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-15 20:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = go.gmx.net/tab2
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://go.gmx.net/suchbox/gmxsuche?su=%s
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {FDC847F8-DA70-4442-8072-FF883F34D14A} - hxxp://toolbar.dasoertliche-marketing.de/toolbar/normal/download/DasOertlicheToolbar.cab
FF - ProfilePath - c:\dokumente und einstellungen\demo\Anwendungsdaten\Mozilla\Firefox\Profiles\e8ooan6e.default\
FF - plugin: c:\programme\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- Dateityp-Verknüpfung -------
.
scrfile="%1" /S %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-zzzHPSETUP - D:\Setup.exe
MSConfigStartUp-HP Software Update - c:\programme\HP\HP Software Update\HPWuSchd2.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-12 02:00
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(3544)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programme\Hercules\WebCam Station\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\SOUNDMAN.EXE
c:\windows\AGRSMMSG.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-05-12 02:11:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-05-12 00:11

Vor Suchlauf: 13 Verzeichnis(se), 31.479.947.264 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 31.381.159.936 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 34B06753FDEC1C69D7247D569F10467A

Gute Nacht

Alt 12.05.2010, 05:51   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! - Standard

Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden!



Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
ATTFilter
http://www.trojaner-board.de/85917-antimalware-doctor-angriff-nach-rkill-mbam-scan-ccleaber-immer-noch-vorhanden.html

Collect::
c:\windows\system32\sprecovr.exe
c:\windows\Lvufaa.exe
c:\windows\system32\drivers\gddj.sys

Folder::
c:\dokumente und einstellungen\HelpAssistant

Driver::
eakkhb
         
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Wie man Programme richtig installiert

Backup mit DriveSnapshot

Das TB unterstützen

Alt 12.05.2010, 11:08   #13
Alfadas
 
Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! - Standard

Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden!



Anweisungen durchgeführt

Freundliche Grüsse
Angehängte Dateien
Dateityp: txt ComboFix.txt (10,8 KB, 188x aufgerufen)

Alt 12.05.2010, 11:57   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! - Standard

Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden!



Bitte mal den Avenger anwenden:

1.) Lade Dir von hier Avenger:
Swandog46's Public Anti-Malware Tools (Download, linksseitig)

2.) Entpack das zip-Archiv, führe die Datei "avenger.exe" aus (unter Vista per Rechtsklick => als Administrator ausführen). Die Haken unten wie abgebildet setzen:



3.) Kopiere Dir exakt die Zeilen aus dem folgenden Code-Feld:
Code:
ATTFilter
Folders to delete:
c:\dokumente und einstellungen\HelpAssistant
         
4.) Geh in "The Avenger" nun oben auf "Load Script", dort auf "Paste from Clipboard".

5.) Der Code-Text hier aus meinem Beitrag müsste nun unter "Input Script here" in "The Avenger" zu sehen sein.

6.) Falls dem so ist, klick unten rechts auf "Execute". Bestätige die nächste Abfrage mit "Ja", die Frage zu "Reboot now" (Neustart des Systems) ebenso.

7.) Nach dem Neustart erhältst Du ein LogFile von Avenger eingeblendet. Kopiere dessen Inhalt und poste ihn hier.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Wie man Programme richtig installiert

Backup mit DriveSnapshot

Das TB unterstützen

Alt 12.05.2010, 20:26   #15
Alfadas
 
Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! - Standard

Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden!



Avenger erfolgreich ausgeführt!!!!

freundliche Grüsse
nihato

Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "c:\dokumente und einstellungen\HelpAssistant" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Antwort

Themen zu Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden!
adware.whenu, agere systems, angriff, anleitung, anti-malware, antimalware, avgntflt.sys, bereich, browseui preloader, components, data, desktop, einstellungen, entfernen, falsche, fontcache, gerätetreiber, hartnäckig, hijacker, hijackthis, hkus\s-1-5-18, laptop, malwarebytes, mbam, meldung, neustart, rkill, rogue.antimalwaredoctor, rsit, scan, security suite, skype.exe, spyware, stolen.data, temp, thema, trojan.downloader, trojaner-board, warnung, windows internet, winxp



Ähnliche Themen: Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden!


  1. Nach Scan noch immer Bedrohungen, aber wie entfernen?
    Log-Analyse und Auswertung - 24.06.2015 (9)
  2. Stronghold Antimalware nach Deinstallation immer noch da?
    Plagegeister aller Art und deren Bekämpfung - 11.10.2014 (9)
  3. Win7 - Startseite Firefox auf QV06 umgeleitet - Scan u. Desinfektion mit MbAM, nun weitere Funde nach online-Scan mit ESET
    Log-Analyse und Auswertung - 24.08.2013 (9)
  4. Snap.do nach löschen in der Systemsteuerung immer noch vorhanden, Logfiles geben entsprechende Hinweise
    Plagegeister aller Art und deren Bekämpfung - 28.07.2013 (9)
  5. Neuinstallation nach TR/Cryptet.xpack.gen2 und Rootkit Viren, Schädlinge immer noch vorhanden
    Plagegeister aller Art und deren Bekämpfung - 18.01.2011 (13)
  6. Antimalware Doctor nach Malwarebytes Anti Malware Durchlauf noch da
    Log-Analyse und Auswertung - 03.10.2010 (1)
  7. Antimalware Doctor - was ist noch zu tun?
    Log-Analyse und Auswertung - 28.09.2010 (14)
  8. Antimalware Doctor erfolgreich gelöscht aber noch weitere Probleme
    Plagegeister aller Art und deren Bekämpfung - 13.09.2010 (18)
  9. Antimalware Doctor noch immer auf meinem PC
    Log-Analyse und Auswertung - 27.08.2010 (11)
  10. Antimalware Doctor lässt rkill nicht zu
    Plagegeister aller Art und deren Bekämpfung - 24.08.2010 (8)
  11. Antimalware Doctor / Dropper / Immer IFrame im Browser
    Plagegeister aller Art und deren Bekämpfung - 12.08.2010 (15)
  12. Antimalware Doctor startet immer wieder neu
    Plagegeister aller Art und deren Bekämpfung - 14.06.2010 (41)
  13. Antimalware Doctor kommt immer wieder!
    Plagegeister aller Art und deren Bekämpfung - 10.06.2010 (9)
  14. Antimalware Doctor kommt immer wieder
    Plagegeister aller Art und deren Bekämpfung - 08.06.2010 (6)
  15. Antimalware Doctor offenbar noch nicht entfernt
    Log-Analyse und Auswertung - 13.05.2010 (22)
  16. Antimalware Doctor nach Mbam Scan immer noch vorhanden!
    Log-Analyse und Auswertung - 09.05.2010 (1)
  17. immer noch sdfadf.df Files nach conficker.L Angriff
    Plagegeister aller Art und deren Bekämpfung - 29.10.2009 (10)

Zum Thema Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! - Hallo, Vorserst muss ich mich entschuldigen dass ich mein Post zuvor versehentlich im falschen Themenbereich eingestellt hatte (Hijacker / HiJackThis Logs posten). Jetzt zum eigentlichen Thema: Ich habe mir auf - Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden!...
Archiv
Du betrachtest: Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.