Home » Viren, Trojaner & Malware Forum » Wie kann ich den Trojaner TR/PSW.Kates.CA.7 entfernen? » Themenansicht

Wie kann ich den Trojaner TR/PSW.Kates.CA.7 entfernen?
#0
28.03.2010, 18:40
Kaithy
...neu hier

Beiträge: 7
#1 Hallo!

Antivir hat auf meinem PC den Trojaner TR/PSW.Kates.CA.7 gefunden, den ich jetzt einfach nicht mehr loswerde, weil sich die Datei nach dem Löschen sofort wiederherstellt (hab mittlerweile die Vermutung, dass er auch die Antivir-Updates blockiert).

Antivir-Fund:

Code

Exported events:

28.03.2010 18:33 [Guard] Malware found
      Virus or unwanted program 'TR/PSW.Kates.CA.7 [trojan]'
      detected in file 'C:\Dokumente und Einstellungen\KEnder\Lokale 
      Einstellungen\oqpe.bak.
      Action performed: Delete file

28.03.2010 18:33 [Updater] Update not carried out
      The update of KATHARINA (192.168.1.2) from 
      http://perspeak.avira-update.com/update failed.
      An error occurred during downloading
      No new files were loaded.

Dateien sind alle sichtbar gemacht. Worauf muss ich hier achten?

Ich wär deshalb sehr froh, wenn mir hier irgendjemand helfen könnte. Vielen Dank im Voraus! Kaithy
Seitenanfang Seitenende
28.03.2010, 20:11
Swisstreasure
Moderator

Beiträge: 5694
#2 Hallo und herzlich Willkommen auf Protecus.de

Um ein infiziertes System zu bereinigen bedarf es neben Zeit auch die Beachtung folgender Punkte:

• Halte Dich an die Anweisungen des jeweiligen Helfers.
• Falls Du externen Speichermedien (USB Sticks, Festplatten) hast, dann schliesse die vor der Reinigung an.
• Während der Reinigung solltest Du weder Programme installieren noch deinstallieren, welche nicht ausdrücklich verlangt werden.
• Bitte arbeite jeden Schritt der Reihe nach ab.
• Falls bei einem Schritt Probleme auftauchen, poste was du bereits hast und melde Dich mit dem Problembeschreiben.


• Die Bereinigung ist erst beendet wenn der jeweilige Helfer das OK gibt.
• Wenn die Kiste wieder flott läuft heisst das nicht, dass das Sytem auch sauber ist.
• Bei geschäftlich genutzten Rechner sollte der zuständige IT Verantwortliche beigezogen werden.
• Ein Support unsererseits kann unter Umständen bei einem Firmenrechner abgelehnt werden.
• Bei illegaler Software besteht die Möglichkeit, dass der Support eingestellt wird.
• Jegliche Cracks oder Keygens werden weder gefördert noch akzeptiert.
• Bei stark infizierten Systemen vorallem wenn Backdoors oder Rootkits involviert sind kann es vorkommen, dass ein Helfer zum Neuaufsetzen rät.
• In letzter Instanz ist dann immer der User welcher entscheidet.


Vista und Win7 User:
Alle Programme und Tools, die wir anordnen, immer mit Rechtsklick und Als Administrator ausführen.

Schritt 1

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

>Doppelklick auf die OTL.exe
-->Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
>Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
>Unter Extra Registry, wähle bitte Use SafeList
>Klicke nun auf Run Scan links oben
>Wenn der Scan beendet wurde werden 2 Logfiles erstellt
>Poste die Logfiles in Code-Tags hier in den Thread.


Schritt 2

Rootkit-Suche mit Gmer

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:

• alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
• keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.
Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
• Gmer ist geeignet für => NT/W2K/XP/VISTA.
• Alle anderen Programme sollen geschlossen sein.
• Starte gmer.exe (hat einen willkürlichen Programm-Namen).
Vista-User mit Rechtsklick und als Administrator starten.
• Gmer startet automatisch einen ersten Scan.
• Sollte sich ein Fenster mit folgender Warnung öffnen:

Code

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

• Unbedingt auf "No" klicken,
anschließend über den Copy-Button das bisherige Resultat in die Zwischenablage zu kopieren.
• Füge das Log aus der Zwischenablage mit STRG + V in Deine Antwort in Deinem Thread ein.
.
• Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
• Hake an: System, Sections, IAT/EAT, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
Wichtig: "Show all" darf nicht angehakt sein!
• Starte den Scan durch Drücken des Buttons "Scan".
Mache nichts am Computer während der Scan läuft.
• Wenn der Scan fertig ist klicke auf "Copy" um das Log in die Zwischenablage zu kopieren.
Mit "Ok" wird Gmer beendet.
• Füge das Log aus der Zwischenablage in Deine Antwort hier ein (mit STRG + V).

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.
Seitenanfang Seitenende
28.03.2010, 23:20
Kaithy
...neu hier

Themenstarter

Beiträge: 7
#3 Hallo und danke für die Hilfe!

Schritt 1 - OLT-Scan:

Aus irgendeinem Grund kann ich das OLT-Logfile nicht posten (Beitrag hat zu wenig Zeichen), deshalb hänge ich es an.

Code

OTL Extras logfile created on: 28.03.2010 21:38:21 - Run 5
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Dokumente und Einstellungen\KEnder\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511,00 Mb Total Physical Memory | 253,00 Mb Available Physical Memory | 50,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 20,00 Gb Total Space | 11,38 Gb Free Space | 56,91% Space Free | Partition Type: NTFS
Drive D: | 54,53 Gb Total Space | 18,26 Gb Free Space | 33,49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 465,76 Gb Total Space | 428,38 Gb Free Space | 91,97% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KATHARINA
Current User Name: KEnder
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- Reg Error: Key error.
scrfile [install] -- Reg Error: Key error.
scrfile [open] -- Reg Error: Key error.
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\BitTorrent\bittorrent.exe" = C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Programme\BitTorrent_DNA\btdna.exe" = C:\Programme\BitTorrent_DNA\btdna.exe:*:Enabled:DNA -- File not found
"C:\Programme\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Programme\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2 -- (Sony Creative Software Inc.)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"{2C164906-E68F-462A-9010-70DD022223EF}" = RemoteCapture Task 1.0.2
"{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Internet Library
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74C9DFA1-338F-4bf3-B317-99A9EC8EF9A6}" = Intel(R) PROSet
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CD0B297-122D-4718-9CE1-B72E796F7B21}" = Sony Ericsson Media Manager 1.2
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9518F764-C54D-47B2-9E73-154B21E79FD2}" = RAW Image Task 1.0
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.7
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device Driver
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9B9863A-32FD-4133-ADB7-46244ED77694}" = Camera Support Core Library
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{BF962E1B-D17A-4713-A100-6531A132D83D}_is1" = Foto-Mosaik-Edda 5.5.0
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0}" = Camera Window
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Direktfotosystem2_is1" = Direkt Foto System 3.x
"DivX Content Uploader" = DivX Content Uploader
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"InstallShield_{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"InstallShield_{2C164906-E68F-462A-9010-70DD022223EF}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Canon Internet Library for ZoomBrowser EX
"InstallShield_{9518F764-C54D-47B2-9E73-154B21E79FD2}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{B9B9863A-32FD-4133-ADB7-46244ED77694}" = Canon Camera Support Core Library
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0}" = Canon Camera Window for ZoomBrowser EX
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"MiKTeX 2.7" = MiKTeX 2.7
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PhotoScape" = PhotoScape
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"TDspBtn" = TOSHIBA Display Devices Change Utility
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TFNF5" = Toshiba Hotkey Utility für Anzeigegeräte
"TME3" = TOSHIBA Mobile Extension3 für Windows XP V3.36.00.XP
"Toshiba Power Saver" = TOSHIBA Power Saver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TOSHIBA Utilities" = TOSHIBA Utilities
"VeryPDF PDF2Word v3.0_is1" = VeryPDF PDF2Word v3.0
"VLC media player" = VideoLAN VLC media player 0.8.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 15.12.2009 23:01:37 | Computer Name = KATHARINA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung AcroRd32.exe, Version 9.1.0.163, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 20.12.2009 13:45:01 | Computer Name = KATHARINA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung direktfotosystem.exe, Version 3.3.2.11, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 20.12.2009 13:50:04 | Computer Name = KATHARINA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung direktfotosystem.exe, Version 3.3.2.11, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 20.12.2009 15:55:25 | Computer Name = KATHARINA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung direktfotosystem.exe, Version 3.3.2.11, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 20.12.2009 18:35:58 | Computer Name = KATHARINA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Photoshop.exe, Version 9.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 25.12.2009 14:33:51 | Computer Name = KATHARINA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung POWERPNT.EXE, Version 11.0.6564.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 25.12.2009 14:34:18 | Computer Name = KATHARINA | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office PowerPoint.
 
Error - 06.01.2010 15:09:06 | Computer Name = KATHARINA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Photoshop.exe, Version 9.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 07.01.2010 09:45:50 | Computer Name = KATHARINA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ANIWZCSdS.exe, Version 1.0.1.30507, fehlgeschlagenes
 Modul user32.dll, Version 5.1.2600.2180, Fehleradresse 0x00016d27.
 
Error - 12.01.2010 11:01:14 | Computer Name = KATHARINA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OUTLOOK.EXE, Version 11.0.6565.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
 
< End of report >


Anhang: OTL.Txt
Seitenanfang Seitenende
29.03.2010, 18:59
Swisstreasure
Moderator

Beiträge: 5694
#4 OTL logfile created on: 28.03.2010 21:38:21 - Run 5
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Dokumente und Einstellungen\KEnder\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,00 Mb Total Physical Memory | 253,00 Mb Available Physical Memory | 50,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 20,00 Gb Total Space | 11,38 Gb Free Space | 56,91% Space Free | Partition Type: NTFS
Drive D: | 54,53 Gb Total Space | 18,26 Gb Free Space | 33,49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 465,76 Gb Total Space | 428,38 Gb Free Space | 91,97% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KATHARINA
Current User Name: KEnder
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Dokumente und Einstellungen\KEnder\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Spybot\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\WINDOWS\system32\ZCfgSvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\S24EvMon.exe (Intel Corporation )
PRC - C:\WINDOWS\system32\1XConfig.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation)
PRC - C:\Programme\D-Link\AirPlus G\AirGCFG.exe (D-Link)
PRC - C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba\TME3\TMESRV31.EXE (TOSHIBA)
PRC - C:\Programme\Toshiba\TME3\TMESBS32.EXE (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\TME3\TMERzCtl.exe (TOSHIBA)
PRC - C:\Programme\Toshiba\TME3\TMEEJME.exe (TOSHIBA)
PRC - C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
PRC - C:\WINDOWS\system32\TPWRTRAY.EXE (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\system32\TFNF5.exe (Toshiba Corp.)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Dokumente und Einstellungen\KEnder\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Toshiba\TME3\TMEEJMD.dll (TOSHIBA)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (S24EventMonitor) -- C:\WINDOWS\system32\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) -- C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation)
SRV - (ANIWZCSdService) -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Alpha Networks Inc.)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (NetSvc) -- C:\Programme\Intel\NCS\Sync\NetSvc.exe (Intel(R) Corporation)
SRV - (Tmesrv) -- C:\Programme\TOSHIBA\TME3\Tmesrv31.exe (TOSHIBA)
SRV - (Tmesbs) -- C:\Programme\TOSHIBA\TME3\Tmesbs32.exe (TOSHIBA Corporation)
SRV - (SoundMAX Agent Service (default)) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w70n51) Intel(R) -- C:\WINDOWS\system32\drivers\w70n51.sys (Intel® Corporation)
DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (tsdhd) -- C:\WINDOWS\system32\drivers\tsdhd.sys (TOSHIBA Corporation)
DRV - (TMEI3E) -- C:\WINDOWS\system32\drivers\TMEI3E.SYS (Toshiba Corporation)
DRV - (TOSHIBASoftModem) -- C:\WINDOWS\system32\drivers\LTSM.sys (LT)
DRV - (TVALD) -- C:\WINDOWS\System32\DRIVERS\TVALD.SYS (Toshiba Corporation)
DRV - (TVALG) -- C:\WINDOWS\System32\DRIVERS\TVALG.SYS (TOSHIBA Corporation)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.oebb.at/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "derstandard.at"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: safeview@cdisys.com:4.5.446
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.29

FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2010.03.18 14:37:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.03.24 21:23:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.03.24 21:23:03 | 000,000,000 | ---D | M]

[2008.09.14 15:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KEnder\Anwendungsdaten\Mozilla\Extensions
[2010.03.28 12:58:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KEnder\Anwendungsdaten\Mozilla\Firefox\Profiles\ctg8c2nv.default\extensions
[2009.09.25 15:36:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KEnder\Anwendungsdaten\Mozilla\Firefox\Profiles\ctg8c2nv.default\extensions\moveplayer@movenetworks.com
[2009.11.05 15:14:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\KEnder\Anwendungsdaten\Mozilla\Firefox\Profiles\ctg8c2nv.default\extensions\safeview@cdisys.com
[2010.03.28 12:58:11 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2004.03.01 14:24:58 | 001,650,688 | ---- | M] (MDL Information Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npchime.dll
[2010.02.08 14:36:49 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.08 14:36:49 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.08 14:36:49 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.08 14:36:49 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.08 14:36:49 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2001.08.23 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Programme\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (Toshiba Corp.)
O4 - HKLM..\Run: [TMEEJME.EXE] C:\Programme\Toshiba\TME3\TMEEJME.exe (TOSHIBA)
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Programme\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESBS.EXE] C:\Programme\TOSHIBA\TME3\TMESBS32.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Programme\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Tpwrtray] C:\WINDOWS\System32\TPWRTRAY.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot\TeaTimer.exe (Safer-Networking Ltd.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\KEnder\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\KEnder\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.03.12 14:23:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.12.15 11:52:18 | 000,000,080 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{3027f6f0-4483-11de-9c27-0004234f633e}\Shell\AutoRun\command - "" = F:\ -- File not found
O33 - MountPoints2\{3027f6f0-4483-11de-9c27-0004234f633e}\Shell\explore\Command - "" = F:\AUTORUN.EXE -- File not found
O33 - MountPoints2\{3027f6f0-4483-11de-9c27-0004234f633e}\Shell\open\Command - "" = F:\AUTORUN.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.03.28 20:45:27 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\KEnder\Desktop\OTL.exe
[2010.03.27 06:37:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\KEnder\Eigene Dateien\Downloads
[2010.03.27 06:28:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\KEnder\Eigene Dateien\ForceField Shared Files
[2010.03.26 20:19:43 | 000,000,000 | ---D | C] -- C:\Programme\Spybot
[2010.03.26 20:19:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.03.26 19:57:04 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.03.26 19:57:04 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.03.26 19:57:03 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.03.26 19:57:01 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.03.26 19:57:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.03.18 01:08:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\KEnder\Anwendungsdaten\CheckPoint
[2010.03.18 01:07:58 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint
[2010.03.18 01:07:47 | 001,238,408 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010.03.18 01:05:04 | 000,713,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sxs.dll
[2009.04.30 15:54:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2008.09.20 15:59:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple
[2007.03.12 14:26:44 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2007.03.12 14:26:44 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2007.03.12 14:26:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.03.28 20:48:32 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\KEnder\Desktop\piij7ce9.exe
[2010.03.28 20:45:27 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\KEnder\Desktop\OTL.exe
[2010.03.28 20:36:20 | 000,002,607 | ---- | M] () -- C:\Dokumente und Einstellungen\KEnder\Desktop\Outlook.lnk
[2010.03.28 18:47:34 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2010.03.28 12:37:36 | 000,395,534 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.03.28 12:37:36 | 000,059,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.03.28 12:37:35 | 000,409,192 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.03.28 12:37:35 | 000,071,994 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.03.28 12:37:33 | 000,946,822 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.28 12:32:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.28 12:31:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.28 00:28:05 | 005,767,168 | -H-- | M] () -- C:\Dokumente und Einstellungen\KEnder\NTUSER.DAT
[2010.03.28 00:27:44 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\KEnder\ntuser.ini
[2010.03.27 06:41:00 | 042,281,152 | ---- | M] () -- C:\Dokumente und Einstellungen\KEnder\Desktop\avira_antivir_personal_en.exe
[2010.03.27 06:28:20 | 000,192,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.03.26 20:20:10 | 000,000,770 | ---- | M] () -- C:\Dokumente und Einstellungen\KEnder\Desktop\Spybot - Search & Destroy.lnk
[2010.03.26 20:10:54 | 000,000,279 | ---- | M] () -- C:\Verknüpfung mit Lokaler Datenträger (C).lnk
[2010.03.24 21:13:51 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.18 14:20:30 | 000,428,416 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010.03.18 01:07:56 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010.03.14 21:38:46 | 000,002,495 | ---- | M] () -- C:\Dokumente und Einstellungen\KEnder\Desktop\Google Earth.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.03.28 20:48:30 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\KEnder\Desktop\piij7ce9.exe
[2010.03.27 06:37:47 | 042,281,152 | ---- | C] () -- C:\Dokumente und Einstellungen\KEnder\Desktop\avira_antivir_personal_en.exe
[2010.03.26 20:20:10 | 000,000,770 | ---- | C] () -- C:\Dokumente und Einstellungen\KEnder\Desktop\Spybot - Search & Destroy.lnk
[2010.03.26 20:10:53 | 000,000,279 | ---- | C] () -- C:\Verknüpfung mit Lokaler Datenträger (C).lnk
[2010.03.18 01:07:36 | 000,428,416 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2008.09.13 09:56:13 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2008.07.01 11:01:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2008.02.29 22:32:32 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008.01.15 00:00:19 | 000,001,257 | ---- | C] () -- C:\WINDOWS\APDFPRP.INI
[2008.01.14 23:26:45 | 000,000,354 | ---- | C] () -- C:\WINDOWS\pdf2word.INI
[2007.11.16 12:20:44 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.11.16 12:10:24 | 000,000,052 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007.10.27 11:00:12 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2007.10.26 15:28:18 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007.10.26 15:28:04 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007.08.09 15:07:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007.04.13 11:27:29 | 000,022,168 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc0407.dll
[2007.04.13 11:27:29 | 000,018,072 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc0407.dll
[2007.03.15 00:57:22 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS79.DLL
[2007.03.14 23:51:30 | 000,110,592 | ---- | C] () -- C:\Dokumente und Einstellungen\KEnder\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.03.12 22:43:12 | 000,000,073 | ---- | C] () -- C:\WINDOWS\pdf2rtf.INI
[2007.03.12 17:04:03 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\getnode.dll
[2007.03.12 16:35:39 | 000,016,384 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2007.03.12 16:34:32 | 000,121,905 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2007.03.12 16:34:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2007.03.12 16:34:32 | 000,008,831 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2007.03.12 16:34:32 | 000,006,793 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2007.03.12 15:55:52 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.08.03 04:24:08 | 000,045,124 | ---- | C] () -- C:\WINDOWS\System32\LsaWrApi.dll
[2006.08.03 04:16:54 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\ShellNav.dll
[2006.08.03 04:15:16 | 000,528,453 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2006.08.03 04:14:18 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\D8021Xps.dll
[2005.01.13 04:00:10 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005.01.13 03:00:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.08.23 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\zllsputility_loc0407.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\winnt256.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\winnt.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\twunk_32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\twunk_16.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\TMEVALDD.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ZCfgSvc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshde.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wowexec.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmv9vcm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpscheme.xml:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpns.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winsock.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winoldap.mod:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winmine.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wfwnet.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vxblock.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vjoy.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vfpodbc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\verifier.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\user.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unicode.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tssoft32.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Tsci.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsbyuv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsappcmp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TPWRSAVE.CPL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TPWRSAVE.CPL.MANIFEST:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TPWRREG.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TPWRADAPT.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TPSICON.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tosmreg.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tosmreg.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\timer.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TDEVDETECT.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\system.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\success:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\streamci.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stdole32.tlb:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stdole2.tlb:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sqlwoa.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sqlsodbc.chm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\spxcoins.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sprestrt.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sound.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sortkey.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sol.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\softpub.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sndvol32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shell.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\senscfg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\S24MUDLL.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\S24EvMon.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsvp.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\riched32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RegSrvc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasmxs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasmontr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasdial.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasautou.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pxinsi64.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pxinsa64.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pxhpinst.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pxcpyi64.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pxcpya64.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PWSOCK32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PWIOCB32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PsRegApi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\plugin.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PfMgrApi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OUTLPERF.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OUTLPERF.H:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olesvr32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oledlg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olecnv32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olecli32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oleaccrc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.sig:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.bin:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ocmanage.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntvdmd.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntsdexts.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntdos.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NMAPI32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netui2.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netmsg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netevent.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mycomput.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml3r.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvidc32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msuni11.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mssign32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msports.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msls31.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msisip.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msisam11.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msidntld.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mshearts.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msgsm32.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg723.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg711.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mscdexnt.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msacm32.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mouse.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmdrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mindex.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MFCO40.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mfc42loc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mfc40loc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mfc40.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mdimon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mcd32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mapistub.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mapi32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\main.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lz32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\libeay32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LgNotify.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\l3codecx.ax:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\l_intl.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\keyboard.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdus.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdkor.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdjpn.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdgr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbd106.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbd103.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbd101c.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbd101b.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kb16.com:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ir32_32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IntelAE5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\InsSec.scr:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\inetcplc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\imslsp_install_loc0407.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ifsutil.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\icfgnt5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\himem.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\getnode.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\gdi.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\freecell.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fmifs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FM20DEU.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fixmapi.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\exts.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ega.cpi:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DSndUp.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drwtsn32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drmclien.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\wmilib.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\usbd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\swmidi.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\smwdm.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\secdrv.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\s24trans.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\rdpcdd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\raspti.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\rasirda.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\rasacd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ptilink.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\pciide.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\parvdm.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nwlnkfwd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nwlnkflt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\null.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ndproxy.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ndistapi.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mouhid.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mnmdd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\isapnp.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ipfltdrv.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\hidusb.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\ftdisk.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\fs_rec.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\fips.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dxgthk.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dne2000.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dmload.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\compbatt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\cdr4_xp.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\cdaudio.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\beep.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\battc.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\audstub.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\AegisP.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\aeaudio.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\docprop.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dneinobj.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dmocx.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dmintf.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DivXCodecUpdateChecker.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dbgeng.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\D8021Xps.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ctype.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cseltbl.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\csellang.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\csellang.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cselect.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\crtdll.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\country.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CONFIG.TMP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\compmgmt.msc:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\command.com:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comm.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CleanUp.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\clb.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\charmap.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\calc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cacls.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C1XStngs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_950.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_949.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_936.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_932.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_875.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_874.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_869.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_866.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_865.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_863.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_861.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_860.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_857.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_855.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_852.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_850.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_775.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_737.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_500.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_437.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28605.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28599.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28592.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28591.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_21866.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20866.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20261.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20127.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1258.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1257.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1256.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1255.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1254.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1253.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1252.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1251.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1250.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1026.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10082.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10081.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10079.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10029.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10017.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10010.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10007.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10006.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10000.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_037.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\activeds.tlb:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\acctres.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\aaaamon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\a3d.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\1XConfig.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\12520850.cpx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\12520437.cpx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\00THotkey.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\000StTHK.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\$winnt$.inf:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\OEWABLog.txt:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\ocgen.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\mozver.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\ltremove.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\IsUninst.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\FaxSetup.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\_default.pif:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Programme\TOSHIBA\TME3\Tmesrv31.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Programme\TOSHIBA\TME3\Tmesbs32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Programme\mozilla firefox\plugins\npchime.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\KEnder\Startmenü\Programme\Autostart\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\KEnder\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\KEnder\Eigene Dateien\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\KEnder\Desktop\Word.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\KEnder\Desktop\Daten.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\KEnder\Anwendungsdaten\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Zapotek.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WMSysPrx.prx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WMSysPr9.prx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\wmprfDEU.prx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\winhelp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vmmreg32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vbaddin.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vb.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\twain.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\tsoc.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\TASKMAN.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wupdmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshnetbs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshisn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshatm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\write.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdtrace.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdmtpdr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowfaxui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowfax.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowdeb.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvdmoe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmv8dmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpstub.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmiscmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmiprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmimgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmidx.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmerrDEU.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WLANDLL.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WISPTIS.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Wireless.ico:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winstrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winnls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmsd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhlp32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhelp.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winfax.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winchat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win87em.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wifeman.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiavusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiasf.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webhits.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdmioctl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdl.trm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wcfg.bat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.sve:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.sve:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wavemsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w32topl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w32tm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vwipxspx.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vwipxspx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssadmin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vss_ps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VSFLEX3.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga64k.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga256.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\verifier.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ver.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VEN2232.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vcdex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vbsde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAME.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEND32.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEN32.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBADE32.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\v7vga.rom:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrvpa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrvoica.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrv80a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrv42a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrsvpia.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrshuta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrsdpia.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrrtosa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrprbda.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrmlnka.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrlogon.cmd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrlbva.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrfaxa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrdtea.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrdpa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrcoina.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrcntra.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USB.ico:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ureg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unlodctr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umdmxfrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ufat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\typeperf.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\typelib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TWarnMsg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tutildel.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsshutdn.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tskill.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSDTOKEN.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsdiscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsd32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSCIEX.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSCCALL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tree.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tracert6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TPWRTRAY.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TPWRTAB.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TPWRDEL.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TPIDITST.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TPIDI32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TPIDI16.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\toolhelp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TMESRV.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TMEPROP.CPL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tftp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\termcap:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\telephon.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcpsvcs.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcmsetup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcleanup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\taskman.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tasklist.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\taskkill.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapiui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapiperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\systray.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\systeminfo.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysprtj.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysprint.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\syskey.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysinv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysedit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\syncapp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\swprv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svcpack.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\subst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\subrange.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\storage.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\stclient.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlwid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sprio800.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sprio600.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spnike.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sort.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SMSUnins.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SMMedia.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\slbrccsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\skdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sisbkup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shiftjis.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shellstyle.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ShellNav.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\share.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shadow.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfmapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setver.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SETUPSUB.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setup.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\serwvdrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\services.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\serialui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secpol.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sdpblb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scrrnde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scriptpw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scripto.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scredir.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SCP32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scode.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scardssp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SbrngSvc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SbrngAPI.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\S24TRANS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\s24NCfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\runas.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpcnts.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvp.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsopprov.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsmui.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsmsink.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsfsaps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaci.rat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcns4.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\routetab.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\routemon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\route.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rnr20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\results.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\reset.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\replace.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rend.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\relog.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regwiz.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regini.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regedt32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\recover.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdpcfgex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RDOCURS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasser.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasrad.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrs.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrnm.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qosname.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qappsrv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PWR.ICO:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pubprn.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ptpusb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psnppagn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PsGuiMgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pscript.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdprf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdcnt.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prodspec.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prnqctl.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prnport.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prnmngr.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prnjobs.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prndrvr.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prncnfg.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\print.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prflbmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PRApplet.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Pn802_11.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pmspl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\plustab.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ping6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pifmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PfWizard.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PfMgrTool.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfwci.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfwci.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfts.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfnw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfnet.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfi009.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfi007.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perffilt.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perffilt.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfd009.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfd007.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfci.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfci.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pentnt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pdf2word.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pcl.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pathping.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\paqsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\panmap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pagefileconfig.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\osuninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olesvr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olecli.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2nls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2disp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc16gt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nwscript.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nwevent.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nwcfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nwc.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nwapi32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nwapi16.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nw16.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntsd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsoprq.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsmgr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsevt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanui2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntimage.gif:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsbcli.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos804.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos412.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos411.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos404.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nscompat.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\npwmsdrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.tha:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.sve:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.eng:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.cht:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.chs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nmevtmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nlsfunc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netware.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\neth.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\net.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncxpnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncpa.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nbtstat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\narrhook.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxlegih.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxdm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxmlr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml2r.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvideo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcrt20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp50.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvbvm50.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msswchx.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msswch.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSTKPRP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSTDFMT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mssip32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrecr40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDO20.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrclr40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msratelc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msr2cenu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msr2c.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSPRPDE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msobjs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msencode.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCOMCTL.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mscat32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaudite.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaatext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mrinfo.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqprfsym.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqperf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqoa20.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqoa10.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqoa.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqgentr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqcertui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprdim.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprddm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpnotify.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mountvol.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\more.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\modex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mode.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmutilse.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmtask.tsk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmdriver.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_qic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_mtf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_hp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mlang.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mimefilt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\migpwd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mib.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC42DEU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc40u.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mem.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdwmdmsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdhcp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciwave.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciseq.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciole32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciole16.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mcicda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciavi.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mchgrcoi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mcdsrv32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPISRVR.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mag_hook.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lzexpand.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lusrmgr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lprmonui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lpr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lpq.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\logoff.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\login.cmd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\loghours.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lodctr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\loadfix.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lnkstub.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lights.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lanman.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\langwrbk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LAN.ico:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\label.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l_except.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korean.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\key01.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbduk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdnec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdne.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmac.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdla.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdit142.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdir.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgr1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgae.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdes.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbddv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcan.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdca.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbene.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_2.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_1.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.6.0_03-b05.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.6.0_01-b06.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.5.0_11-b03.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jobexec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgsh400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgsd400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgpl400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgmd400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgdw400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgaw400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jet500.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\irclass.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxwan.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxsap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxrtmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxrip.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxpromn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipsec6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iprtrmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iprtprio.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iologmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\InstHelper.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\InsSecRc.scr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\INKED.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\infosoft.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetwh32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iissuba.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ieakui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ideograf.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icmui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassvcs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassdo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassam.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasrecst.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iaspolcy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasnap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iashlpr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasads.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasacct.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HWSETUP.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HWSETUP.CPL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hticons.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hostname.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\help.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.pro:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graftabl.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpupdate.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpkcsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpedit.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\glmf32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\getuname.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\getmac.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\geo.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gcdef.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gb2312.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\g711codc.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ftsrch.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsutil.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\format.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\forcedos.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fontsub.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FM20.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\finger.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\find.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fastopen.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\expand.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\exe2bin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventvwr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventvwr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventtriggers.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventquery.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventcls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eula.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentutl.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.hxx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent97.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EqnClass.Dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EncHWLst:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\emptyregdb.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edlin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edit.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edit.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dvdplay.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssec.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsound.vxd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dskquoui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsauth.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ds16gt.dLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drwatson.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drmstor.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ws2ifsl.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vdmindvd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbcamd2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbcamd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\TVALG.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\TVALD.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tsbvcap.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tosdvd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\TMEI3E.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\smsens.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\smclib.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rootmdm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\RMCast.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\riodrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rio8drv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rawwan.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\oprghdlr.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnkspx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnknb.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nikedrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mcd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\gmreadme.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\gm.dls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fsvga.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\enum1394.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dxapi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cpqdap01.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cinemst2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cbidf2k.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmuni.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmepvc.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\acpiec.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\driverquery.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpwsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpserial.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnwsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dplay.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\doskey.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmview.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmdlgs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmconfig.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllhst3g.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\zoneoc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\zonelibm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\zoneclim.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\znetm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\zeeverm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\zcorem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\zclientm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wupdmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wshnetbs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wshisn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wshde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wshatm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ws2ifsl.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\write.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wowexec.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wowdeb.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmvdmoe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmv8dmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmpvis.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmpstub.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmmutil.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmmres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmmfilt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmitimep.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmiscmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmiprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmipicmp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmimsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmilib.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmidx.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmi2xml.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmerrdeu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wisc10.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winstrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winspool.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winnls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winmsd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winmine.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winmgmtr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winmgmt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winhstb.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winhelp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wingb.ime:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winfax.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winchat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\win87em.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wifeman.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wiavusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wiasf.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wfwnet.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\weitekp9.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\weitekp9.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\webhits.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wbemdisp.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wbemads.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wbemads.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wb32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wavemsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wamregps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wamps51.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\w3svapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\w3ext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\w3ctrs51.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\w32topl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\w32tm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\w32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vwipxspx.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vwipxspx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vssadmin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vss_ps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vmmreg32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vjoy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vgaoem.fon:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vga64k.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vga256.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vga.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vga.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\verifier.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\verifier.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ver.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vcdex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vbsde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\utildll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\user.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ureg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\updprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\unsecapp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\unlodctr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\uniansi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\umdmxfrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ufat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\typeperf.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\typelib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\twunk_32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\twunk_16.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\twain.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tsshutdn.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tsprof.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tskill.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tsdiscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tsd32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tsappcmp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\trnsprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\trialoc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\traffic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tracert6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tourW.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tools.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\toolhelp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tmplprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\timer.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\thawbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tftp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\telephon.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tdspx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tdipx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tdasync.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tcpsvcs.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tcmsetup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\taskman.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tasklist.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\taskkill.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tapiui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tapiperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\systray.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\system.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\syskey.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sysinv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sysinfo.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sysedit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\syncapp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\swprv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\swmidi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\svcpack.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\subst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\storage.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\stdole32.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\stdole2.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\stdole.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\stclient.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\status.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\srusbusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\srframe.mmf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\srdiag.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\spxcoins.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\spttseng.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sprestrt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\spcplui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\spcommon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sound.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sort.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sol.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\softpub.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\softkey.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\snmpstup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sndvol32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\smtpcons.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\smimsgif.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\smierrsy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\smierrsm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\smclib.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\smcirda.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\smb6w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sma3w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm9aw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm93w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm92w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm90w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm8dw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm8cw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm8aw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm89w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm87w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm81w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm59w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\slbrccsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\skdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sisbkup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\simptcp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\shvlzm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\shvlres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\shvl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\shell.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\share.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\shadow.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sfmapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sfc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\setupdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\serwvdrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\serialui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\senscfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sdpblb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\scrrnde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\scriptpw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\scripto.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\script.fon:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\scredir.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\scode.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\scardssp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sapisvr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sam.spd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sam.sdf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rwia330.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rwia001.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rw330ext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rw001ext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rvsezm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rvseres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rvse.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\runas.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rtm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsvpsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsvpperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsvpmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsvp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsopprov.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsmui.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsmsink.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsfsaps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rpcns4.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\routetab.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\routemon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\route.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rootmdm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rnr20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rmcast.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\riched32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\reset.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\replace.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rend.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\relog.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\regwiz.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\register.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\regini.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\regedt32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\recover.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rdpcfgex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rdpcdd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rawwan.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasser.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasrad.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\raspti.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasmxs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasirda.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasdial.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasautou.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasacd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\r1033tts.lxa:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\qwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\quser.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\query.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\qosname.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\qappsrv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pubprn.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ptilink.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\psnppagn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pschdprf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\prnqctl.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\prnport.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\prnmngr.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\prnjobs.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\prndrvr.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\prncnfg.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\print.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\prflbmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pmxviceo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pmxmcro.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pmxgl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pmspl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\plustab.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\plugin.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ping6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pifmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\permchk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\perfts.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\perfnw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\perfnet.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pentnt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pciide.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pathping.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\parvdm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\partmgr.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\panmap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pagefile.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pagecnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\padrs412.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\padrs411.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\osuninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\olethk32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\olesvr32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\olesvr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\oledlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\olecnv32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\olecli32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\olecli.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\oleaccrc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\oleacc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ole2nls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ole2disp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ole2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\oembios.sig:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\oembios.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\OEMBIOS.CAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\oembios.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\odbc16gt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ocmanage.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nwscript.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nwlnkspx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nwlnknb.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nwlnkfwd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nwlnkflt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nwevent.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nwcfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nwc.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nwapi32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nwapi16.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nw16.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\null.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntvdmd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntsdexts.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntsd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntmsevt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntlanui2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntlanui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntdsbcli.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntdos804.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntdos412.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntdos411.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntdos404.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntdos.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\NT5IIS.CAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\notiflag.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nmevtmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nlsfunc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nls302en.lex:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nextlink.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\netui2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\netmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\neth.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\netevent.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\netapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ndproxy.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ndistapi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ncxpnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ncpa.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nbtstat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\narrhook.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mycomput.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\MW770.CAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\multibox.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\muisetup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mtxlegih.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mtxex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mtxdm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mtstocom.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mtsadmin.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msxmlr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msxml3r.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msxml2r.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msvideo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msvidc32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msvcrt20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msvcp50.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msuni11.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msswchx.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msswch.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mssoapr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mssoap1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mssip32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mssign32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msratelc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msr2cenu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msr2c.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msports.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msoobe.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msobjs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msls31.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msisip.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msisam11.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msir3jp.lex:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msir3jp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msiprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msinfo32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msimsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msihnd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msiexec.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msidntld.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mshearts.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msdtcstp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mscdexnt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mscat32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msaudite.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msacm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msaatext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mrinfo.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mqperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mqoa20.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mqoa10.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mqoa.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mqgentr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mqcertui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mprui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mprmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mprdim.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mprddm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mpnotify.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mouse.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mountvol.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mouhid.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\modex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\modern.fon:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mnmdd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mmutilse.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mmtask.tsk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mmdrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mll_qic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mll_mtf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mll_hp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mindex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mimefilt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\migisol.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mga.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mga.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mfc42deu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mfc40u.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mfc40deu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mfc40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\metal_ss.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mem.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mdsync.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mdhcp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mciwave.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mciseq.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mciole32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mciole16.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mcicda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mciavi.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mchgrcoi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mcdsrv32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mcd32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mcd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\MAPIMIG.CAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\main.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mag_hook.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\lzexpand.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\lz32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ltts1033.lxa:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ltsm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\lprmonui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\lpr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\lpq.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\logscrpt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\logoff.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\loghours.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\lodctr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\lnkstub.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\lights.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\langwrbk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\label.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\korwbrkr.lex:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\korwbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\keyboard.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\key01.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kdcom.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdycl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdycc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdvntc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbduzb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdusx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdusr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdusl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdusa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdus.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdurdu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdur.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbduk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdtuq.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdtuf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdth3.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdth2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdth1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdth0.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdtat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdsyr2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdsyr1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdsw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdsl1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdsl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdsf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdru1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdru.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdro.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdpo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdpl1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdpl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdnecnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdnecat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdnec95.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdnec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdne.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdmac.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdlv1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdlv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdlt1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdlt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdlk41j.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdlk41a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdla.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdkyr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdkor.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdkaz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdjpn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdit142.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdir.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdintel.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdintam.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdinpun.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdinmar.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdinkan.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdinhin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdinguj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdindev.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdibm02.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhu1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhept.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhela3.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhela2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdheb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhe319.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhe220.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdgr1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdgkl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdgeo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdgae.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdfr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdfo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdfi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdfc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdfa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdest.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdes.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbddv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbddiv2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbddiv1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdcz2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdcz1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdcz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdcr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdcan.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdca.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdbu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdbr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdblr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdbene.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdbe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdazel.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdaze.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdax2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdarmw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdarme.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdal.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbda3.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbda2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbda1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbd106n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbd106.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbd103.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbd101c.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbd101b.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbd101a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbd101.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\jupiw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\jsde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\jobexec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\jgsh400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\jgsd400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\jgpl400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\jgmd400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\jgdw400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\jgaw400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\jet500.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iwrps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\isignup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\isapnp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\isapips.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\irclass.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipxwan.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipxsap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipxrtmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipxrip.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipxpromn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipxmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipsec6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iprtrmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iprtprio.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipfltdrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iologmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\infosoft.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\infoctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\inetsloc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\inetmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\inetcplc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imskf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imskdic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imsinsnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imkrinst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imjpuex.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imjpdadm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imepadsv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imepadsm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imekrmig.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imekr.lex:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iisui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iissync.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iissuba.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iisrstap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iisreset.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iismui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iiscrmap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iisclex4.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ifsutil.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ieinfo5.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ieakui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\icwtutor.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\icwres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\icmui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\icfgnt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iassvcs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iassdo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iassam.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iasrecst.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iaspolcy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\IASNT4.CAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iasnap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iashlpr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iasads.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iasacct.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hwxkor.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hwxjpn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hwxcht.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\htrn_jis.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hrtzzm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hrtzres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hrtz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\HPCRDP.CAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hostname.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\home_ss.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hnetmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hlink.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\himem.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hidusb.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hhctrlui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\helphost.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\help.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hcappres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hanjadic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hanja.lex:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\gpupdate.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\gpkcsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\glmf32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\getuname.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\getmac.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\gdi.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\gcdef.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\g711codc.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxssend.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxsroute.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxsclntr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxscfgwz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fwdprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ftsrch.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ftpsapi2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ftpctrs2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ftlx041e.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fsutil.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fsusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fsconins.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fs_rec.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\freecell.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\framdit.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\framd.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\forcedos.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fontsub.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fmifs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\flattemp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fixmapi.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fips.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\finger.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\find.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fastopen.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\f3ahvoas.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\exts.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\expand.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\exe2bin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_smtpsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_smtpsnap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_smtpapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_smtpadm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_seos.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_seo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_scripto.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_rwnh.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_aqueue.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\evtrig.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\evtquery.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\eventvwr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\eventcls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\et4000.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\esunid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\esuimgd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\esucmd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\esentutl.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\esentprf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\esent97.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\eqnclass.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\edlin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\edb500.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\e100b325.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dxgthk.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dxapi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dwil1033.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dsprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dskquoui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dsauth.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ds16gt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\drwtsn32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\drwatson.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\drvqry.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\drmstor.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\drmclien.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dpwsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dpserial.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dpnwsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dpnmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dplay.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\doskey.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dosapp.fon:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\docprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmview.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmocx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmload.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmintf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmdskres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmdlgs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmconfig.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dllhst3g.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dispex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\diskperf.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\diskcopy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dimap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\diactfrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dhcpsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dhcpmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dgsetup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dgrpsetu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dfrgres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\deskperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\deskmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\deskadp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\debug.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ddeml.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dcomcnfg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dbgeng.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\datime.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\d3dxof.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\d3drm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\d3dramp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\d3dpmesh.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\d3dim.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ctl3dv2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ctl3d32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\csseqchk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\crtdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cprofile.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\country.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\counters.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\convlog.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\convert.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\controt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\control.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\console.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\confmsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\comsnap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\comsetup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\comrereg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\comrepl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\compobj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\compact.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\comp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\commdlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\comcat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\comaddin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cnvfat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cnetcfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cmpbk32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cmnresm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cmnclim.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\clb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\class_ss.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ckcnv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cidaemon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ciadmin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chtbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chsbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chkrzm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chkrres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chkntfs.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chkdsk.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chgusr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chgport.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chglogon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\charmap.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\change.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\certmap.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cdmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ccfgnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cb32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cards.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\capesnpn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cap7146.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\calc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cacls.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_iscii.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_is2022.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_g18030.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\brpinfo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\browscap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bootvrfy.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bootvid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bootok.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bootcfg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bnts.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\blue_ss.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\beep.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bckgzm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bckgres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bckg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\avwav.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\avtapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\avmeter.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\avifile.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\avicap32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\avicap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\autodisc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\authfilt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\attrib.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\atrace.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\atmuni.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\atmpvcno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\atmepvc.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\atkctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\asr_ldm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\asptxn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\aspperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\arp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\append.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\apcups.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ansi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0c0a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0816.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0804.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt041f.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt041d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0419.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0416.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0415.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0414.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0413.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0412.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0411.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0410.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt040e.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt040d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt040c.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt040b.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0409.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0408.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0407.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0406.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0405.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0404.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0401.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\adsnw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\adsnds.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\adrot.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\adptif.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\admxprox.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\activeds.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\acledit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\acctres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\aaaamon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\a3d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\12520850.cpx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\12520437.cpx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dispex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskperf.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskcopy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskcopy.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskcomp.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dimap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diactfrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dgsetup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dgrpsetu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dfrg.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\devmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskadp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\debug.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ddeml.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dcomcnfg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dbmsvinn.dLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dbmsadsn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\datime.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dxof.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3drm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dramp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dpmesh.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dim.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csseqchk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\convert.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\control.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\console.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\confmsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONFIG.NT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comsnap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comrepl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compobj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compact.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\commdlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comcat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comaddin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnvfat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CNMVS79.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CNMLM79.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnetcfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmpbk32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmos.ram:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmmgr32.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmdlib.wsc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cliconf.chm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ckcnv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cidaemon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ciadv.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chkntfs.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chkdsk.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chcp.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Channels anzeigen.scf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\certmgr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cdmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ccfgnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\capesnpn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28598.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28597.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28595.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28594.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28593.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20905.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bopomofo.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootvrfy.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootok.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootcfg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bios4.rom:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bios1.rom:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avwav.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avtapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avmeter.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avifile.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avicap32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avicap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AUTOEXEC.NT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autodisc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\attrib.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atrace.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atmpvcno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atkctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ATHPRXY.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asr_ldm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\arp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\append.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apcups.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ansi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\amcompat.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsnw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsnds.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adptif.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AdHocWiz.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acledit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acelpdec.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WFWNET.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VGA.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VER.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TIMER.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SYSTEM.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\stdole.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SOUND.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SHELL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\setup.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLESVR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLECLI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MSVIDEO.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MOUSE.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MMTASK.TSK:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIWAVE.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCISEQ.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIAVI.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\LZEXPAND.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\KEYBOARD.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\COMMDLG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVIFILE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVICAP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\svcpack.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SetupWLD.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setuplog.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setuperr.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setupact.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\sessmgr.setup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Seifenblase.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Santa Fe-Stuck.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Rhododendron.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\regopt.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\REGLOCS.OLD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Präriewind.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\pdf2rtf.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBCINST.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBC.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ocmsn.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ntdtcsetup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\msmqinst.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\msgsocm.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\msdfmap.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ModemLog_TOSHIBA Software Modem AMR.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB893803v2.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Kaffeetasse.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\IsUn0407.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\iis6.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Granit.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Feder.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Fächer.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\explorer.scf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\DtcInstall.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\DirectX.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\comsetup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\clock.avi:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\chipset.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Blaue Spitzen 16.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Angler.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Programme\mozilla firefox\plugins\NPOFFICE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\wmsetup.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\win.ini:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\wiaservc.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\wpa.dbl:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\FNTCACHE.DAT:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\setupapi.log.0.old:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\SchedLgU.Txt:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\bootstat.dat:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\Dokumente und Einstellungen\KEnder\ntuser.ini:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\Dokumente und Einstellungen\KEnder\Lokale Einstellungen\Anwendungsdaten\IconCache.db:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\Dokumente und Einstellungen\All Users\Desktop\ZoomBrowser EX.lnk:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\pxwave.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\px.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\Drivers\PxHelp20.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\Windows Update.log:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\WiFiAdap.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\WConfig.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\utildll.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\traffic.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\Thci.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\pxsfs.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\pxmas.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\pxdrv.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\pxafs.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\olethk32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\oleacc.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msimsg.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msihnd.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msiexec.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msi.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\LsaWrApi.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\kdcom.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\jsde.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\imsinstall_loc0407.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\hlink.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\partmgr.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\cdralw2k.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\dmdskres.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\dfrgres.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ctl3d32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ciadmin.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\cards.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\bootvid.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\00THotkey.exe.manifest:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Programme\TOSHIBA\TME3\TMERzCtl.EXE:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Dokumente und Einstellungen\KEnder\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Dokumente und Einstellungen\KEnder\Desktop\Mozilla Firefox.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\desktop.ini:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Dokumente und Einstellungen\All Users\Desktop\InterVideo WinDVD 4.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\boot.ini:KAVICHS
< End of report >
Seitenanfang Seitenende
29.03.2010, 19:24
Swisstreasure
Moderator

Beiträge: 5694
#5 Schritt 1

Filesharing

Ich poste mal folgenden Hinweis, nicht mit erhobenem Zeigefinger, sondern weil Du Dir dessen vielleicht nicht bewusst bist. Du benutzt P2P-Programme. Wenn Du ein sauberes System bekommen respektive behalten möchtest, solltest Du auf den Download von Software aus solchen Quellen verzichten, denn auch wenn das P2P-Programm selbst "sauber" ist, bewahrt es Dich nicht davor, evtl. schädliche Programme auf Deinen Rechner zu holen.

Du siehst, die Gefahr ist sehr groß, sich über diese Wege zu infizieren. Aus diesem Grund bereinige ich lieber Systeme, die keine solchen Programme installiert haben und bitte Dich daher alle Programme, die in diese Richtung gehen, während unserer Bereinigung komplett und rückstandlos über Systemsteuerung => Software zu deinstallieren

Zitat

BitTorrent
Schritt 2

Teatimer abstellen

Mit laufendem TeaTimer von Spybot Search&Destroy lässt sich keine Reinigung durchführen, da er alle gelöschten Einträge wiederherstellt. Der Teatimer muss also während der Reinigungsarbeiten abgestellt werden (lasse den Teatimer so lange ausgeschaltet, bis wir mit der Reinigung fertig sind):
Starte Spybot S&D => stelle im Menü "Modus" den "Erweiterten Modus" ein => klicke dann links unten auf "Werkzeuge" => klicke auf "Resident" => das Häkchen entfernen bei Resident "TeaTimer" (Schutz aller Systemeinstellungen) => Spybot Search&Destroy schließen => Rechner neu starten. Bebilderte Anleitung.

Schritt 3

Java aktualisieren

Deine Javaversion ist nicht aktuell. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, deinstalliere zunächst alle vorhandenen Java-Versionen über Systemsteuerung => Software => deinstallieren. Starte den Rechner neu.

Downloade nun die Offline-Version von Java (Java SE Runtime Environment (JRE) 6 Update 18) von SUN. Wenn Du auf Download geklickt hast, erscheint eine Seite, wo Du das Betriebssystem auswählen musst (also Windows) und ein Häkchen bei "I agree" setzen musst. Dann auf den Button "Continue" klicken. Dort die jre-6u18-windows-i586.exe downloaden und anschließend installieren, eventuell angebotene Toolbars nicht mitinstallieren.

Schritt 4

Fixen mit OTL

• Starte bitte die OTL.exe.
Vista-User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die Textbox.

Zitat

:OTL
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O33 - MountPoints2\{3027f6f0-4483-11de-9c27-0004234f633e}\Shell\AutoRun\command - "" = F:\ -- File not found
O33 - MountPoints2\{3027f6f0-4483-11de-9c27-0004234f633e}\Shell\explore\Command - "" = F:\AUTORUN.EXE -- File not found
O33 - MountPoints2\{3027f6f0-4483-11de-9c27-0004234f633e}\Shell\open\Command - "" = F:\AUTORUN.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\zllsputility_loc0407.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\winnt256.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\winnt.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\twunk_32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\twunk_16.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\TMEVALDD.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ZCfgSvc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshde.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wowexec.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmv9vcm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpscheme.xml:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpns.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winsock.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winoldap.mod:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winmine.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wfwnet.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vxblock.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vjoy.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vfpodbc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\verifier.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\user.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unicode.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tssoft32.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Tsci.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsbyuv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsappcmp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TPWRSAVE.CPL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TPWRSAVE.CPL.MANIFEST:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TPWRREG.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TPWRADAPT.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TPSICON.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tosmreg.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tosmreg.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\timer.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TDEVDETECT.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\system.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\success:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\streamci.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stdole32.tlb:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stdole2.tlb:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sqlwoa.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sqlsodbc.chm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\spxcoins.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sprestrt.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sound.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sortkey.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sol.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\softpub.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sndvol32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shell.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\senscfg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\S24MUDLL.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\S24EvMon.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsvp.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\riched32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RegSrvc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasmxs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasmontr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasdial.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasautou.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pxinsi64.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pxinsa64.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pxhpinst.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pxcpyi64.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pxcpya64.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PWSOCK32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PWIOCB32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PsRegApi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\plugin.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PfMgrApi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OUTLPERF.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OUTLPERF.H:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olesvr32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oledlg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olecnv32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olecli32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oleaccrc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.sig:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.bin:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ocmanage.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntvdmd.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntsdexts.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntdos.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NMAPI32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netui2.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netmsg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netevent.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mycomput.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml3r.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvidc32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msuni11.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mssign32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msports.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msls31.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msisip.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msisam11.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msidntld.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mshearts.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msgsm32.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg723.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg711.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mscdexnt.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msacm32.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mouse.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmdrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mindex.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MFCO40.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mfc42loc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mfc40loc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mfc40.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mdimon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mcd32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mapistub.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mapi32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\main.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lz32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\libeay32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LgNotify.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\l3codecx.ax:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\l_intl.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\keyboard.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdus.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdkor.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdjpn.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdgr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbd106.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbd103.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbd101c.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbd101b.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kb16.com:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ir32_32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IntelAE5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\InsSec.scr:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\inetcplc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\imslsp_install_loc0407.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ifsutil.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\icfgnt5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\himem.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\getnode.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\gdi.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\freecell.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fmifs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FM20DEU.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fixmapi.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\exts.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ega.cpi:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DSndUp.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drwtsn32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drmclien.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\wmilib.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\usbd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\swmidi.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\smwdm.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\secdrv.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\s24trans.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\rdpcdd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\raspti.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\rasirda.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\rasacd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ptilink.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\pciide.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\parvdm.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nwlnkfwd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nwlnkflt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\null.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ndproxy.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ndistapi.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mouhid.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mnmdd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\isapnp.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ipfltdrv.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\hidusb.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\ftdisk.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\fs_rec.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\fips.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dxgthk.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dne2000.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dmload.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\compbatt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\cdr4_xp.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\cdaudio.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\beep.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\battc.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\audstub.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\AegisP.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\aeaudio.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\docprop.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dneinobj.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dmocx.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dmintf.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DivXCodecUpdateChecker.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dbgeng.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\D8021Xps.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ctype.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cseltbl.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\csellang.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\csellang.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cselect.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\crtdll.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\country.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CONFIG.TMP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\compmgmt.msc:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\command.com:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comm.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CleanUp.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\clb.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\charmap.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\calc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cacls.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C1XStngs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_950.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_949.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_936.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_932.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_875.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_874.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_869.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_866.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_865.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_863.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_861.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_860.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_857.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_855.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_852.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_850.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_775.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_737.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_500.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_437.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28605.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28599.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28592.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28591.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_21866.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20866.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20261.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20127.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1258.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1257.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1256.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1255.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1254.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1253.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1252.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1251.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1250.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1026.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10082.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10081.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10079.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10029.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10017.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10010.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10007.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10006.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10000.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_037.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\activeds.tlb:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\acctres.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\aaaamon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\a3d.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\1XConfig.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\12520850.cpx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\12520437.cpx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\00THotkey.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\000StTHK.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\$winnt$.inf:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\OEWABLog.txt:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\ocgen.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\mozver.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\ltremove.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\IsUninst.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\FaxSetup.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\_default.pif:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Programme\TOSHIBA\TME3\Tmesrv31.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Programme\TOSHIBA\TME3\Tmesbs32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Programme\mozilla firefox\plugins\npchime.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\KEnder\Startmenü\Programme\Autostart\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\KEnder\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\KEnder\Eigene Dateien\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\KEnder\Desktop\Word.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\KEnder\Desktop\Daten.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\KEnder\Anwendungsdaten\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Zapotek.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WMSysPrx.prx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WMSysPr9.prx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\wmprfDEU.prx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\winhelp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vmmreg32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vbaddin.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vb.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\twain.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\tsoc.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\TASKMAN.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wupdmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshnetbs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshisn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshatm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\write.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdtrace.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdmtpdr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowfaxui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowfax.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowdeb.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvdmoe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmv8dmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpstub.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmiscmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmiprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmimgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmidx.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmerrDEU.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WLANDLL.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WISPTIS.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Wireless.ico:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winstrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winnls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmsd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhlp32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhelp.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winfax.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winchat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win87em.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wifeman.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiavusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiasf.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webhits.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdmioctl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdl.trm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wcfg.bat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.sve:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.sve:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wavemsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w32topl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w32tm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vwipxspx.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vwipxspx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssadmin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vss_ps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VSFLEX3.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga64k.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga256.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\verifier.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ver.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VEN2232.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vcdex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vbsde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAME.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEND32.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEN32.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBADE32.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\v7vga.rom:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrvpa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrvoica.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrv80a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrv42a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrsvpia.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrshuta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrsdpia.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrrtosa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrprbda.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrmlnka.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrlogon.cmd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrlbva.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrfaxa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrdtea.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrdpa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrcoina.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrcntra.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\USB.ico:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ureg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unlodctr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umdmxfrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ufat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\typeperf.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\typelib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TWarnMsg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tutildel.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsshutdn.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tskill.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSDTOKEN.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsdiscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsd32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSCIEX.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TSCCALL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tree.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tracert6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TPWRTRAY.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TPWRTAB.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TPWRDEL.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TPIDITST.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TPIDI32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TPIDI16.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\toolhelp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TMESRV.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TMEPROP.CPL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tftp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\termcap:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\telephon.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcpsvcs.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcmsetup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcleanup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\taskman.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tasklist.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\taskkill.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapiui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapiperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\systray.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\systeminfo.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysprtj.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysprint.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\syskey.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysinv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysedit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\syncapp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\swprv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svcpack.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\subst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\subrange.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\storage.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\stclient.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlwid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sprio800.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sprio600.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spnike.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sort.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SMSUnins.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SMMedia.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\slbrccsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\skdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sisbkup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shiftjis.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shellstyle.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ShellNav.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\share.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shadow.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfmapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setver.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SETUPSUB.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setup.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\serwvdrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\services.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\serialui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secpol.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sdpblb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scrrnde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scriptpw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scripto.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scredir.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SCP32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scode.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scardssp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SbrngSvc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SbrngAPI.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\S24TRANS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\s24NCfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\runas.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpcnts.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvp.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsopprov.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsmui.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsmsink.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsfsaps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaci.rat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcns4.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\routetab.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\routemon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\route.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rnr20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\results.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\reset.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\replace.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rend.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\relog.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regwiz.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regini.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regedt32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\recover.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdpcfgex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RDOCURS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasser.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasrad.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrs.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrnm.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qosname.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qappsrv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PWR.ICO:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pubprn.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ptpusb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psnppagn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PsGuiMgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pscript.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdprf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdcnt.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prodspec.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prnqctl.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prnport.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prnmngr.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prnjobs.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prndrvr.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prncnfg.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\print.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prflbmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PRApplet.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Pn802_11.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pmspl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\plustab.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ping6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pifmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PfWizard.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PfMgrTool.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfwci.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfwci.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfts.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfnw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfnet.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfi009.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfi007.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perffilt.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perffilt.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfd009.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfd007.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfci.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfci.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pentnt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pdf2word.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pcl.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pathping.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\paqsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\panmap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pagefileconfig.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\osuninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olesvr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olecli.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2nls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2disp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc16gt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nwscript.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nwevent.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nwcfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nwc.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nwapi32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nwapi16.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nw16.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntsd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsoprq.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsmgr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsevt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanui2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntimage.gif:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsbcli.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos804.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos412.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos411.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos404.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nscompat.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\npwmsdrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.tha:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.sve:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.eng:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.cht:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.chs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nmevtmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nlsfunc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netware.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\neth.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\net.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncxpnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncpa.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nbtstat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\narrhook.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxlegih.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxdm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxmlr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml2r.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvideo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcrt20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp50.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvbvm50.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msswchx.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msswch.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSTKPRP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSTDFMT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mssip32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrecr40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDO20.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrclr40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msratelc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msr2cenu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msr2c.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSPRPDE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msobjs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msencode.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCOMCTL.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mscat32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaudite.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaatext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mrinfo.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqprfsym.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqperf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqoa20.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqoa10.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqoa.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqgentr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mqcertui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprdim.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprddm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpnotify.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mountvol.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\more.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\modex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mode.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmutilse.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmtask.tsk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmdriver.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_qic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_mtf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_hp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mlang.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mimefilt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\migpwd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mib.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC42DEU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc40u.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mem.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdwmdmsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdhcp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciwave.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciseq.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciole32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciole16.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mcicda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciavi.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mchgrcoi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mcdsrv32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPISRVR.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mag_hook.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lzexpand.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lusrmgr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lprmonui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lpr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lpq.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\logoff.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\login.cmd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\loghours.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lodctr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\loadfix.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lnkstub.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lights.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lanman.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\langwrbk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LAN.ico:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\label.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l_except.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korean.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\key01.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbduk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdnec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdne.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmac.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdla.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdit142.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdir.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgr1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgae.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdes.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbddv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcan.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdca.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbene.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_2.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_1.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.6.0_03-b05.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.6.0_01-b06.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.5.0_11-b03.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jobexec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgsh400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgsd400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgpl400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgmd400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgdw400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jgaw400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jet500.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\irclass.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxwan.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxsap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxrtmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxrip.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxpromn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipsec6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iprtrmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iprtprio.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iologmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\InstHelper.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\InsSecRc.scr:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\INKED.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\infosoft.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetwh32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iissuba.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ieakui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ideograf.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icmui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassvcs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassdo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassam.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasrecst.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iaspolcy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasnap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iashlpr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasads.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasacct.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HWSETUP.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HWSETUP.CPL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hticons.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hostname.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\help.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.pro:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graftabl.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpupdate.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpkcsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpedit.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\glmf32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\getuname.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\getmac.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\geo.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gcdef.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gb2312.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\g711codc.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ftsrch.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsutil.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\format.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\forcedos.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fontsub.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FM20.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\finger.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\find.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fastopen.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\expand.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\exe2bin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventvwr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventvwr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventtriggers.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventquery.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventcls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eula.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentutl.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.hxx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent97.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EqnClass.Dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EncHWLst:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\emptyregdb.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edlin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edit.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edit.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dvdplay.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssec.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsound.vxd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dskquoui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsauth.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ds16gt.dLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drwatson.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drmstor.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ws2ifsl.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vdmindvd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbcamd2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbcamd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\TVALG.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\TVALD.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tsbvcap.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tosdvd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\TMEI3E.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\smsens.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\smclib.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rootmdm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\RMCast.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\riodrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rio8drv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rawwan.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\oprghdlr.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnkspx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnknb.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nikedrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mcd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\gmreadme.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\gm.dls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fsvga.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\enum1394.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dxapi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cpqdap01.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cinemst2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cbidf2k.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmuni.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmepvc.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\acpiec.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\driverquery.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpwsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpserial.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnwsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dplay.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\doskey.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmview.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmdlgs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmconfig.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllhst3g.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\zoneoc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\zonelibm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\zoneclim.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\znetm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\zeeverm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\zcorem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\zclientm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wupdmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wshnetbs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wshisn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wshde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wshatm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ws2ifsl.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\write.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wowexec.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wowdeb.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmvdmoe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmv8dmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmpvis.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmpstub.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmmutil.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmmres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmmfilt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmitimep.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmiscmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmiprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmipicmp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmimsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmilib.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmidx.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmi2xml.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmerrdeu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wisc10.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winstrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winspool.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winnls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winmsd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winmine.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winmgmtr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winmgmt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winhstb.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winhelp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wingb.ime:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winfax.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\winchat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\win87em.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wifeman.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wiavusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wiasf.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wfwnet.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\weitekp9.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\weitekp9.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\webhits.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wbemdisp.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wbemads.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wbemads.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wb32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wavemsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wamregps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wamps51.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\w3svapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\w3ext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\w3ctrs51.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\w32topl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\w32tm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\w32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vwipxspx.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vwipxspx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vssadmin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vss_ps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vmmreg32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vjoy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vgaoem.fon:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vga64k.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vga256.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vga.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vga.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\verifier.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\verifier.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ver.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vcdex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\vbsde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\utildll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\user.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ureg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\updprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\unsecapp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\unlodctr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\uniansi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\umdmxfrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ufat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\typeperf.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\typelib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\twunk_32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\twunk_16.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\twain.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tsshutdn.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tsprof.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tskill.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tsdiscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tsd32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tsappcmp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\trnsprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\trialoc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\traffic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tracert6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tourW.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tools.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\toolhelp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tmplprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\timer.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\thawbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tftp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\telephon.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tdspx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tdipx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tdasync.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tcpsvcs.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tcmsetup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\taskman.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tasklist.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\taskkill.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tapiui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tapiperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\tapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\systray.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\system.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\syskey.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sysinv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sysinfo.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sysedit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\syncapp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\swprv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\swmidi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\svcpack.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\subst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\storage.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\stdole32.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\stdole2.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\stdole.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\stclient.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\status.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\srusbusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\srframe.mmf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\srdiag.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\spxcoins.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\spttseng.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sprestrt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\spcplui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\spcommon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sound.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sort.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sol.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\softpub.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\softkey.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\snmpstup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sndvol32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\smtpcons.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\smimsgif.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\smierrsy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\smierrsm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\smclib.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\smcirda.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\smb6w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sma3w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm9aw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm93w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm92w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm90w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm8dw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm8cw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm8aw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm89w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm87w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm81w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sm59w.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\slbrccsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\skdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sisbkup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\simptcp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\shvlzm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\shvlres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\shvl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\shell.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\share.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\shadow.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sfmapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sfc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\setupdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\serwvdrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\serialui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\senscfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sdpblb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\scrrnde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\scriptpw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\scripto.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\script.fon:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\scredir.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\scode.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\scardssp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sapisvr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sam.spd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\sam.sdf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rwia330.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rwia001.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rw330ext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rw001ext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rvsezm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rvseres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rvse.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\runas.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rtm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsvpsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsvpperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsvpmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsvp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsopprov.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsmui.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsmsink.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rsfsaps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rpcns4.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\routetab.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\routemon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\route.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rootmdm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rnr20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rmcast.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\riched32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\reset.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\replace.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rend.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\relog.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\regwiz.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\register.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\regini.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\regedt32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\recover.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rdpcfgex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rdpcdd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rawwan.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasser.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasrad.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\raspti.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasmxs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasirda.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasdial.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasautou.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\rasacd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\r1033tts.lxa:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\qwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\quser.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\query.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\qosname.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\qappsrv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pubprn.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ptilink.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\psnppagn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pschdprf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\prnqctl.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\prnport.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\prnmngr.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\prnjobs.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\prndrvr.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\prncnfg.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\print.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\prflbmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pmxviceo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pmxmcro.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pmxgl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pmspl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\plustab.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\plugin.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ping6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pifmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\permchk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\perfts.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\perfnw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\perfnet.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pentnt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pciide.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pathping.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\parvdm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\partmgr.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\panmap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pagefile.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\pagecnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\padrs412.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\padrs411.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\osuninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\olethk32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\olesvr32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\olesvr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\oledlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\olecnv32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\olecli32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\olecli.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\oleaccrc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\oleacc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ole2nls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ole2disp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ole2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\oembios.sig:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\oembios.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\OEMBIOS.CAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\oembios.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\odbc16gt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ocmanage.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nwscript.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nwlnkspx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nwlnknb.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nwlnkfwd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nwlnkflt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nwevent.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nwcfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nwc.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nwapi32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nwapi16.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nw16.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\null.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntvdmd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntsdexts.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntsd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntmsevt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntlanui2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntlanui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntdsbcli.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntdos804.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntdos412.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntdos411.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntdos404.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ntdos.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\NT5IIS.CAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\notiflag.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nmevtmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nlsfunc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nls302en.lex:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nextlink.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\netui2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\netmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\neth.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\netevent.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\netapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ndproxy.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ndistapi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ncxpnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ncpa.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\nbtstat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\narrhook.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mycomput.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\MW770.CAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\multibox.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\muisetup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mtxlegih.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mtxex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mtxdm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mtstocom.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mtsadmin.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msxmlr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msxml3r.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msxml2r.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msvideo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msvidc32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msvcrt20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msvcp50.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msuni11.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msswchx.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msswch.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mssoapr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mssoap1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mssip32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mssign32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msratelc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msr2cenu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msr2c.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msports.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msoobe.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msobjs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msls31.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msisip.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msisam11.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msir3jp.lex:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msir3jp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msiprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msinfo32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msimsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msihnd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msiexec.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msidntld.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mshearts.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msdtcstp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mscdexnt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mscat32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msaudite.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msacm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\msaatext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mrinfo.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mqperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mqoa20.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mqoa10.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mqoa.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mqgentr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mqcertui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mprui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mprmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mprdim.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mprddm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mpnotify.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mouse.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mountvol.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mouhid.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\modex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\modern.fon:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mnmdd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mmutilse.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mmtask.tsk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mmdrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mll_qic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mll_mtf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mll_hp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mindex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mimefilt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\migisol.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mga.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mga.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mfc42deu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mfc40u.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mfc40deu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mfc40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\metal_ss.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mem.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mdsync.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mdhcp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mciwave.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mciseq.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mciole32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mciole16.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mcicda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mciavi.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mchgrcoi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mcdsrv32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mcd32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mcd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\MAPIMIG.CAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\main.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\mag_hook.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\lzexpand.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\lz32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ltts1033.lxa:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ltsm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\lprmonui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\lpr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\lpq.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\logscrpt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\logoff.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\loghours.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\lodctr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\lnkstub.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\lights.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\langwrbk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\label.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\korwbrkr.lex:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\korwbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\keyboard.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\key01.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kdcom.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdycl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdycc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdvntc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbduzb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdusx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdusr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdusl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdusa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdus.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdurdu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdur.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbduk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdtuq.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdtuf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdth3.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdth2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdth1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdth0.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdtat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdsyr2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdsyr1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdsw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdsl1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdsl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdsf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdru1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdru.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdro.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdpo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdpl1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdpl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdnecnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdnecat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdnec95.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdnec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdne.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdmac.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdlv1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdlv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdlt1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdlt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdlk41j.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdlk41a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdla.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdkyr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdkor.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdkaz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdjpn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdit142.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdir.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdintel.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdintam.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdinpun.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdinmar.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdinkan.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdinhin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdinguj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdindev.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdibm02.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhu1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhept.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhela3.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhela2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdheb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhe319.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhe220.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdhe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdgr1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdgkl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdgeo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdgae.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdfr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdfo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdfi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdfc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdfa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdest.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdes.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbddv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbddiv2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbddiv1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdcz2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdcz1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdcz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdcr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdcan.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdca.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdbu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdbr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdblr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdbene.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdbe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdazel.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdaze.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdax2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdarmw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdarme.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbdal.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbda3.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbda2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbda1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbd106n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbd106.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbd103.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbd101c.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbd101b.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbd101a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\kbd101.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\jupiw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\jsde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\jobexec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\jgsh400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\jgsd400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\jgpl400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\jgmd400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\jgdw400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\jgaw400.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\jet500.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iwrps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\isignup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\isapnp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\isapips.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\irclass.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipxwan.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipxsap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipxrtmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipxrip.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipxpromn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipxmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipsec6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iprtrmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iprtprio.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ipfltdrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iologmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\infosoft.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\infoctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\inetsloc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\inetmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\inetcplc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imskf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imskdic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imsinsnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imkrinst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imjpuex.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imjpdadm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imepadsv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imepadsm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imekrmig.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\imekr.lex:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iisui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iissync.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iissuba.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iisrstap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iisreset.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iismui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iiscrmap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iisclex4.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ifsutil.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ieinfo5.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ieakui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\icwtutor.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\icwres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\icmui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\icfgnt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iassvcs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iassdo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iassam.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iasrecst.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iaspolcy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\IASNT4.CAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iasnap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iashlpr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iasads.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\iasacct.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hwxkor.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hwxjpn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hwxcht.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\htrn_jis.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hrtzzm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hrtzres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hrtz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\HPCRDP.CAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hostname.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\home_ss.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hnetmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hlink.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\himem.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hidusb.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hhctrlui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\helphost.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\help.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hcappres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hanjadic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\hanja.lex:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\gpupdate.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\gpkcsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\glmf32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\getuname.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\getmac.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\gdi.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\gcdef.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\g711codc.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxssend.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxsroute.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxsclntr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fxscfgwz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fwdprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ftsrch.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ftpsapi2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ftpctrs2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ftlx041e.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fsutil.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fsusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fsconins.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fs_rec.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\freecell.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\framdit.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\framd.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\forcedos.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fontsub.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fmifs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\flattemp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fixmapi.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fips.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\finger.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\find.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\fastopen.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\f3ahvoas.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\exts.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\expand.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\exe2bin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_smtpsvc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_smtpsnap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_smtpapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_smtpadm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_seos.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_seo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_scripto.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_rwnh.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_aqueue.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\evtrig.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\evtquery.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\eventvwr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\eventcls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\et4000.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\esunid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\esuimgd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\esucmd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\esentutl.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\esentprf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\esent97.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\eqnclass.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\edlin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\edb500.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\e100b325.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dxgthk.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dxapi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dwil1033.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dsprov.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dskquoui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dsauth.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ds16gt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\drwtsn32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\drwatson.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\drvqry.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\drmstor.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\drmclien.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dpwsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dpserial.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dpnwsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dpnmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dplay.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\doskey.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dosapp.fon:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\docprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmview.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmocx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmload.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmintf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmdskres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmdlgs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dmconfig.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dllhst3g.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dispex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\diskperf.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\diskcopy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dimap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\diactfrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dhcpsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dhcpmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dgsetup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dgrpsetu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dfrgres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\deskperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\deskmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\deskadp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\debug.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ddeml.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dcomcnfg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\dbgeng.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\datime.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\d3dxof.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\d3drm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\d3dramp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\d3dpmesh.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\d3dim.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ctl3dv2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ctl3d32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\csseqchk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\crtdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cprofile.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\country.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\counters.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\convlog.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\convert.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\controt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\control.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\console.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\confmsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\comsnap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\comsetup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\comrereg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\comrepl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\compobj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\compact.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\comp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\commdlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\comcat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\comaddin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cnvfat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cnetcfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cmpbk32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cmnresm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cmnclim.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\clb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\class_ss.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ckcnv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cidaemon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ciadmin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chtbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chsbrkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chkrzm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chkrres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chkr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chkntfs.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chkdsk.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chgusr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chgport.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\chglogon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\charmap.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\change.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\certmap.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cdmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ccfgnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cb32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cards.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\capesnpn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cap7146.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\calc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\cacls.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_iscii.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_is2022.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\c_g18030.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\brpinfo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\browscap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bootvrfy.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bootvid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bootok.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bootcfg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bnts.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\blue_ss.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\beep.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bckgzm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bckgres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\bckg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\avwav.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\avtapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\avmeter.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\avifile.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\avicap32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\avicap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\autodisc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\authfilt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\attrib.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\atrace.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\atmuni.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\atmpvcno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\atmepvc.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\atkctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\asr_ldm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\asptxn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\aspperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\arp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\append.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\apcups.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\ansi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0c0a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0816.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0804.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt041f.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt041d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0419.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0416.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0415.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0414.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0413.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0412.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0411.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0410.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt040e.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt040d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt040c.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt040b.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0409.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0408.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0407.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0406.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0405.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0404.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\agt0401.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\adsnw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\adsnds.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\adrot.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\adptif.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\admxprox.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\activeds.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\acledit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\acctres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\aaaamon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\a3d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\12520850.cpx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\12520437.cpx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dispex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskperf.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskcopy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskcopy.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskcomp.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dimap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diactfrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dgsetup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dgrpsetu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dfrg.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\devmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskadp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\debug.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ddeml.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dcomcnfg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dbmsvinn.dLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dbmsadsn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\datime.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dxof.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3drm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dramp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dpmesh.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\d3dim.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csseqchk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\convert.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\control.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\console.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\confmsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONFIG.NT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comsnap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comrepl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compobj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compact.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\commdlg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comcat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comaddin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnvfat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CNMVS79.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CNMLM79.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnetcfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmpbk32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmos.ram:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmmgr32.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmdlib.wsc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cliconf.chm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ckcnv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cidaemon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ciadv.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chkntfs.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chkdsk.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chcp.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Channels anzeigen.scf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\certmgr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cdmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ccfgnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\capesnpn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28598.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28597.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28595.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28594.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28593.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20905.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bopomofo.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootvrfy.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootok.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootcfg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bios4.rom:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bios1.rom:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avwav.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avtapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avmeter.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avifile.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avicap32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avicap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AUTOEXEC.NT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autodisc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\attrib.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atrace.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atmpvcno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atkctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ATHPRXY.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asr_ldm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\arp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\append.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apcups.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ansi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\amcompat.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsnw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsnds.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adptif.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AdHocWiz.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acledit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acelpdec.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WFWNET.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VGA.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VER.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TIMER.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SYSTEM.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\stdole.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SOUND.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SHELL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\setup.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLESVR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLECLI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MSVIDEO.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MOUSE.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MMTASK.TSK:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIWAVE.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCISEQ.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIAVI.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\LZEXPAND.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\KEYBOARD.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\COMMDLG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVIFILE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVICAP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\svcpack.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SetupWLD.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setuplog.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setuperr.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setupact.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\sessmgr.setup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Seifenblase.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Santa Fe-Stuck.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Rhododendron.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\regopt.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\REGLOCS.OLD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Präriewind.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\pdf2rtf.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBCINST.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBC.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ocmsn.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ntdtcsetup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\msmqinst.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\msgsocm.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\msdfmap.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ModemLog_TOSHIBA Software Modem AMR.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB893803v2.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Kaffeetasse.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\IsUn0407.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\iis6.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Granit.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Feder.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Fächer.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\explorer.scf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\DtcInstall.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\DirectX.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\comsetup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\clock.avi:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\chipset.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Blaue Spitzen 16.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Angler.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Programme\mozilla firefox\plugins\NPOFFICE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\wmsetup.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\win.ini:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\wiaservc.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\wpa.dbl:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\FNTCACHE.DAT:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\setupapi.log.0.old:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\SchedLgU.Txt:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\bootstat.dat:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\Dokumente und Einstellungen\KEnder\ntuser.ini:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\Dokumente und Einstellungen\KEnder\Lokale Einstellungen\Anwendungsdaten\IconCache.db:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\Dokumente und Einstellungen\All Users\Desktop\ZoomBrowser EX.lnk:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\pxwave.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\px.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\Drivers\PxHelp20.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\Windows Update.log:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\WiFiAdap.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\WConfig.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\utildll.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\traffic.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\Thci.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\pxsfs.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\pxmas.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\pxdrv.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\pxafs.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\olethk32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\oleacc.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msimsg.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msihnd.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msiexec.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msi.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\LsaWrApi.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\kdcom.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\jsde.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\imsinstall_loc0407.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\hlink.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\partmgr.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\cdralw2k.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\dmdskres.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\dfrgres.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ctl3d32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ciadmin.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\cards.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\bootvid.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\00THotkey.exe.manifest:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Programme\TOSHIBA\TME3\TMERzCtl.EXE:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Dokumente und Einstellungen\KEnder\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Dokumente und Einstellungen\KEnder\Desktop\Mozilla Firefox.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\desktop.ini:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Dokumente und Einstellungen\All Users\Desktop\InterVideo WinDVD 4.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\boot.ini:KAVICHS
:Commands
[purity]
[emptytemp]
• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Run Fix Button.
• Klick auf .
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument.
Kopiere nun den Inhalt hier in Code-Tags in Deinen Thread

Schritt 5

Malwarebytes Anti-Malware

Lade MBAM herunter, installiere es und wähle bei Reiter:

-> “Update“> “Suche nach Aktualisierungen“
-> “Einstellungen“> “Beende Internet Explorer während des Löschvorgangs“
-> “Scanner”> "Quickscan durchfuehren".

Wenn am Ende Infizierungen gefunden werden, diese anhaken und entfernen lassen. Starte dein Rechner neu
Seitenanfang Seitenende
30.03.2010, 00:28
Kaithy
...neu hier

Themenstarter

Beiträge: 7
#6 Nachtrag zum GMER-Scan (Sorry, die Codetags funktionieren hier leider nicht):

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-29 18:49:08
Windows 5.1.2600 Service Pack 2
Running: piij7ce9.exe; Driver: C:\DOKUME~1\KEnder\LOKALE~1\Temp\uftcqpow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF41EC630]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF41E5D80]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xF420A070]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF41ECE40]
SSDT F8B6EC9C ZwCreateThread
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF41ECFB0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF41E6C60]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xF420B780]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xF420B160]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF420C080]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF420C2B0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF41E6750]
SSDT F8B6EC88 ZwOpenProcess
SSDT F8B6EC8D ZwOpenThread
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xF420D430]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF420CA40]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF41EC180]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xF420D0D0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF41E7080]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xF420D8E0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xF420A970]
SSDT F8B6EC97 ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[184] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[184] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[184] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[184] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[184] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[184] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[184] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[224] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[224] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[224] ntdll.dll!NtOpenKey 7C91DD3C 5 Bytes JMP 10003DF4
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[224] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[224] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[224] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 10003E78
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[224] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[224] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[224] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[224] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[224] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[224] ws2_32.dll!connect 71A1406A 5 Bytes JMP 10003AF0
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[224] ws2_32.dll!send 71A1428A 5 Bytes JMP 10003264
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[224] ws2_32.dll!WSARecv 71A14318 5 Bytes JMP 100027F8
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[224] ws2_32.dll!recv 71A1615A 5 Bytes JMP 1000278C
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[224] ws2_32.dll!WSASend 71A16233 5 Bytes JMP 10003A9C
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[284] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[284] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[284] ntdll.dll!NtOpenKey 7C91DD3C 5 Bytes JMP 10033DF4
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[284] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[284] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10033C3C
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[284] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 10033E78
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[284] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[284] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[284] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[284] WS2_32.dll!connect 71A1406A 5 Bytes JMP 10033AF0
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[284] WS2_32.dll!send 71A1428A 5 Bytes JMP 10033264
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[284] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 100327F8
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[284] WS2_32.dll!recv 71A1615A 5 Bytes JMP 1003278C
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[284] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 10033A9C
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[284] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[284] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[288] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[288] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[288] ntdll.dll!NtOpenKey 7C91DD3C 5 Bytes JMP 10003DF4
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[288] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[288] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[288] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 209A37DD C:\Programme\CheckPoint\ZAForceField\Plugins\ISWDMP.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[288] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 10003E78
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[288] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[288] USER32.dll!ChangeClipboardChain + 14 77D3F4A6 5 Bytes JMP 20C29299 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[288] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[288] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[288] WS2_32.dll!connect 71A1406A 5 Bytes JMP 10003AF0
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[288] WS2_32.dll!send 71A1428A 5 Bytes JMP 10003264
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[288] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 100027F8
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[288] WS2_32.dll!recv 71A1615A 5 Bytes JMP 1000278C
.text C:\Programme\CheckPoint\ZAForceField\ForceField.exe[288] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 10003A9C
.text C:\Programme\Java\jre6\bin\jqs.exe[356] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[356] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[356] ntdll.dll!NtOpenKey 7C91DD3C 5 Bytes JMP 10003DF4
.text C:\Programme\Java\jre6\bin\jqs.exe[356] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[356] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\Programme\Java\jre6\bin\jqs.exe[356] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 10003E78
.text C:\Programme\Java\jre6\bin\jqs.exe[356] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[356] WS2_32.dll!connect 71A1406A 5 Bytes JMP 10003AF0
.text C:\Programme\Java\jre6\bin\jqs.exe[356] WS2_32.dll!send 71A1428A 5 Bytes JMP 10003264
.text C:\Programme\Java\jre6\bin\jqs.exe[356] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 100027F8
.text C:\Programme\Java\jre6\bin\jqs.exe[356] WS2_32.dll!recv 71A1615A 5 Bytes JMP 1000278C
.text C:\Programme\Java\jre6\bin\jqs.exe[356] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 10003A9C
.text C:\Programme\Java\jre6\bin\jqs.exe[356] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[356] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[356] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jqs.exe[356] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[376] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[376] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[376] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[376] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[376] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[376] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[376] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[376] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[512] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[512] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[512] ntdll.dll!NtOpenKey 7C91DD3C 5 Bytes JMP 10003DF4
.text C:\WINDOWS\System32\nvsvc32.exe[512] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[512] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\WINDOWS\System32\nvsvc32.exe[512] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 10003E78
.text C:\WINDOWS\System32\nvsvc32.exe[512] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[512] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[512] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[512] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[512] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\nvsvc32.exe[512] ws2_32.dll!connect 71A1406A 5 Bytes JMP 10003AF0
.text C:\WINDOWS\System32\nvsvc32.exe[512] ws2_32.dll!send 71A1428A 5 Bytes JMP 10003264
.text C:\WINDOWS\System32\nvsvc32.exe[512] ws2_32.dll!WSARecv 71A14318 5 Bytes JMP 100027F8
.text C:\WINDOWS\System32\nvsvc32.exe[512] ws2_32.dll!recv 71A1615A 5 Bytes JMP 1000278C
.text C:\WINDOWS\System32\nvsvc32.exe[512] ws2_32.dll!WSASend 71A16233 5 Bytes JMP 10003A9C
.text C:\WINDOWS\System32\RegSrvc.exe[568] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\RegSrvc.exe[568] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\RegSrvc.exe[568] ntdll.dll!NtOpenKey 7C91DD3C 5 Bytes JMP 10003DF4
.text C:\WINDOWS\System32\RegSrvc.exe[568] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\RegSrvc.exe[568] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\WINDOWS\System32\RegSrvc.exe[568] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 10003E78
.text C:\WINDOWS\System32\RegSrvc.exe[568] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\RegSrvc.exe[568] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\RegSrvc.exe[568] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\RegSrvc.exe[568] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\RegSrvc.exe[568] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\RegSrvc.exe[568] ws2_32.dll!connect 71A1406A 5 Bytes JMP 10003AF0
.text C:\WINDOWS\System32\RegSrvc.exe[568] ws2_32.dll!send 71A1428A 5 Bytes JMP 10003264
.text C:\WINDOWS\System32\RegSrvc.exe[568] ws2_32.dll!WSARecv 71A14318 5 Bytes JMP 100027F8
.text C:\WINDOWS\System32\RegSrvc.exe[568] ws2_32.dll!recv 71A1615A 5 Bytes JMP 1000278C
.text C:\WINDOWS\System32\RegSrvc.exe[568] ws2_32.dll!WSASend 71A16233 5 Bytes JMP 10003A9C
.text C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[620] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[620] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[620] ntdll.dll!NtOpenKey 7C91DD3C 5 Bytes JMP 10003DF4
.text C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[620] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[620] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[620] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 10003E78
.text C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[620] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[620] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[620] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[620] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[620] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[620] ws2_32.dll!connect 71A1406A 5 Bytes JMP 10003AF0
.text C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[620] ws2_32.dll!send 71A1428A 5 Bytes JMP 10003264
.text C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[620] ws2_32.dll!WSARecv 71A14318 5 Bytes JMP 100027F8
.text C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[620] ws2_32.dll!recv 71A1615A 5 Bytes JMP 1000278C
.text C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[620] ws2_32.dll!WSASend 71A16233 5 Bytes JMP 10003A9C
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[656] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[656] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[656] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[656] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[656] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[656] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[656] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[656] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtOpenKey 7C91DD3C 5 Bytes JMP 10003DF4
.text C:\WINDOWS\System32\svchost.exe[660] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[660] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\WINDOWS\System32\svchost.exe[660] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 10003E78
.text C:\WINDOWS\System32\svchost.exe[660] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[660] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[660] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[660] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[660] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[660] ws2_32.dll!connect 71A1406A 5 Bytes JMP 10003AF0
.text C:\WINDOWS\System32\svchost.exe[660] ws2_32.dll!send 71A1428A 5 Bytes JMP 10003264
.text C:\WINDOWS\System32\svchost.exe[660] ws2_32.dll!WSARecv 71A14318 5 Bytes JMP 100027F8
.text C:\WINDOWS\System32\svchost.exe[660] ws2_32.dll!recv 71A1615A 5 Bytes JMP 1000278C
.text C:\WINDOWS\System32\svchost.exe[660] ws2_32.dll!WSASend 71A16233 5 Bytes JMP 10003A9C
.text C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[716] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[716] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[716] ntdll.dll!NtOpenKey 7C91DD3C 5 Bytes JMP 10013DF4
.text C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[716] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[716] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10013C3C
.text C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[716] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 10013E78
.text C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[716] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[716] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[716] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[716] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[716] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[716] ws2_32.dll!connect 71A1406A 5 Bytes JMP 10013AF0
.text C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[716] ws2_32.dll!send 71A1428A 5 Bytes JMP 10013264
.text C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[716] ws2_32.dll!WSARecv 71A14318 5 Bytes JMP 100127F8
.text C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[716] ws2_32.dll!recv 71A1615A 5 Bytes JMP 1001278C
.text C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[716] ws2_32.dll!WSASend 71A16233 5 Bytes JMP 10013A9C
.text C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[756] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[756] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[756] ntdll.dll!NtOpenKey 7C91DD3C 5 Bytes JMP 10003DF4
.text C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[756] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[756] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[756] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 10003E78
.text C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[756] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[756] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[756] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[756] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[756] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[756] ws2_32.dll!connect 71A1406A 5 Bytes JMP 10003AF0
.text C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[756] ws2_32.dll!send 71A1428A 5 Bytes JMP 10003264
.text C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[756] ws2_32.dll!WSARecv 71A14318 5 Bytes JMP 100027F8
.text C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[756] ws2_32.dll!recv 71A1615A 5 Bytes JMP 1000278C
.text C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[756] ws2_32.dll!WSASend 71A16233 5 Bytes JMP 10003A9C
.text C:\Programme\CheckPoint\ZAForceField\IswSvc.exe[1212] ntdll.dll!NtOpenKey 7C91DD3C 5 Bytes JMP 10003DF4
.text C:\Programme\CheckPoint\ZAForceField\IswSvc.exe[1212] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\Programme\CheckPoint\ZAForceField\IswSvc.exe[1212] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 10003E78
.text C:\Programme\CheckPoint\ZAForceField\IswSvc.exe[1212] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\IswSvc.exe[1212] USER32.dll!ChangeClipboardChain + 14 77D3F4A6 5 Bytes JMP 20C29299 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\CheckPoint\ZAForceField\IswSvc.exe[1212] ws2_32.dll!connect 71A1406A 5 Bytes JMP 10003AF0
.text C:\Programme\CheckPoint\ZAForceField\IswSvc.exe[1212] ws2_32.dll!send 71A1428A 5 Bytes JMP 10003264
.text C:\Programme\CheckPoint\ZAForceField\IswSvc.exe[1212] ws2_32.dll!WSARecv 71A14318 5 Bytes JMP 100027F8
.text C:\Programme\CheckPoint\ZAForceField\IswSvc.exe[1212] ws2_32.dll!recv 71A1615A 5 Bytes JMP 1000278C
.text C:\Programme\CheckPoint\ZAForceField\IswSvc.exe[1212] ws2_32.dll!WSASend 71A16233 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\spoolsv.exe[1268] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1268] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1268] ntdll.dll!NtOpenKey 7C91DD3C 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\spoolsv.exe[1268] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1268] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\spoolsv.exe[1268] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\spoolsv.exe[1268] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1268] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1268] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1268] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1268] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\spoolsv.exe[1268] ws2_32.dll!connect 71A1406A 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\spoolsv.exe[1268] ws2_32.dll!send 71A1428A 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\spoolsv.exe[1268] ws2_32.dll!WSARecv 71A14318 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\spoolsv.exe[1268] ws2_32.dll!recv 71A1615A 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\spoolsv.exe[1268] ws2_32.dll!WSASend 71A16233 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\winlogon.exe[1288] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1288] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1288] ntdll.dll!NtOpenKey 7C91DD3C 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\winlogon.exe[1288] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1288] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\winlogon.exe[1288] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\winlogon.exe[1288] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1288] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1288] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1288] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1288] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1288] WS2_32.dll!connect 71A1406A 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\winlogon.exe[1288] WS2_32.dll!send 71A1428A 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\winlogon.exe[1288] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\winlogon.exe[1288] WS2_32.dll!recv 71A1615A 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\winlogon.exe[1288] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\services.exe[1336] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1336] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1336] ntdll.dll!NtOpenKey 7C91DD3C 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\services.exe[1336] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1336] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\services.exe[1336] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\services.exe[1336] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1336] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1336] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1336] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1336] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1336] ws2_32.dll!connect 71A1406A 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\services.exe[1336] ws2_32.dll!send 71A1428A 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\services.exe[1336] ws2_32.dll!WSARecv 71A14318 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\services.exe[1336] ws2_32.dll!recv 71A1615A 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\services.exe[1336] ws2_32.dll!WSASend 71A16233 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\lsass.exe[1348] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1348] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1348] ntdll.dll!NtOpenKey 7C91DD3C 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\lsass.exe[1348] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1348] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\lsass.exe[1348] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\lsass.exe[1348] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1348] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1348] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1348] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1348] WS2_32.dll!connect 71A1406A 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\lsass.exe[1348] WS2_32.dll!send 71A1428A 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\lsass.exe[1348] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\lsass.exe[1348] WS2_32.dll!recv 71A1615A 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\lsass.exe[1348] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtOpenKey 7C91DD3C 5 Bytes JMP 10003DF4
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 10003E78
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1520] ws2_32.dll!connect 71A1406A 5 Bytes JMP 10003AF0
.text C:\WINDOWS\system32\svchost.exe[1520] ws2_32.dll!send 71A1428A 5 Bytes JMP 10003264
.text C:\WINDOWS\system32\svchost.exe[1520] ws2_32.dll!WSARecv 71A14318 5 Bytes JMP 100027F8
.text C:\WINDOWS\system32\svchost.exe[1520] ws2_32.dll!recv 71A1615A 5 Bytes JMP 1000278C
.text C:\WINDOWS\system32\svchost.exe[1520] ws2_32.dll!WSASend 71A16233 5 Bytes JMP 10003A9C
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1564] ntdll.dll!NtOpenKey 7C91DD3C 5 Bytes JMP 10003DF4
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1564] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1564] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 10003E78
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1564] WS2_32.dll!connect 71A1406A 5 Bytes JMP 10003AF0
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1564] WS2_32.dll!send 71A1428A 5 Bytes JMP 10003264
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1564] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 100027F8
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1564] WS2_32.dll!recv 71A1615A 5 Bytes JMP 1000278C
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1564] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\svchost.exe[1684] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1684] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1684] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1724] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1724] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1724] ntdll.dll!NtOpenKey 7C91DD3C 5 Bytes JMP 10003DF4
.text C:\WINDOWS\System32\svchost.exe[1724] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 10003E78
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1724] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1724] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1724] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1724] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1724] ws2_32.dll!connect 71A1406A 5 Bytes JMP 10003AF0
.text C:\WINDOWS\System32\svchost.exe[1724] ws2_32.dll!send 71A1428A 5 Bytes JMP 10003264
.text C:\WINDOWS\System32\svchost.exe[1724] ws2_32.dll!WSARecv 71A14318 5 Bytes JMP 100027F8
.text C:\WINDOWS\System32\svchost.exe[1724] ws2_32.dll!recv 71A1615A 5 Bytes JMP 1000278C
.text C:\WINDOWS\System32\svchost.exe[1724] ws2_32.dll!WSASend 71A16233 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1924] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1924] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtOpenKey 7C91DD3C 5 Bytes JMP 10003DF4
.text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1960] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\WINDOWS\Explorer.EXE[1960] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 10003E78
.text C:\WINDOWS\Explorer.EXE[1960] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1960] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1960] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[1960] ws2_32.dll!connect 71A1406A 5 Bytes JMP 10003AF0
.text C:\WINDOWS\Explorer.EXE[1960] ws2_32.dll!send 71A1428A 5 Bytes JMP 10003264
.text C:\WINDOWS\Explorer.EXE[1960] ws2_32.dll!WSARecv 71A14318 5 Bytes JMP 100027F8
.text C:\WINDOWS\Explorer.EXE[1960] ws2_32.dll!recv 71A1615A 5 Bytes JMP 1000278C
.text C:\WINDOWS\Explorer.EXE[1960] ws2_32.dll!WSASend 71A16233 5 Bytes JMP 10003A9C
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1972] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1972] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1972] ntdll.dll!NtOpenKey 7C91DD3C 5 Bytes JMP 10043DF4
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1972] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1972] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10043C3C
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1972] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 10043E78
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1972] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1972] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1972] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1972] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1972] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1972] ws2_32.dll!connect 71A1406A 5 Bytes JMP 10043AF0
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1972] ws2_32.dll!send 71A1428A 5 Bytes JMP 10043264
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1972] ws2_32.dll!WSARecv 71A14318 5 Bytes JMP 100427F8
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1972] ws2_32.dll!recv 71A1615A 5 Bytes JMP 1004278C
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1972] ws2_32.dll!WSASend 71A16233 5 Bytes JMP 10043A9C
.text C:\WINDOWS\System32\S24EvMon.exe[2040] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\S24EvMon.exe[2040] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\S24EvMon.exe[2040] ntdll.dll!NtOpenKey 7C91DD3C 5 Bytes JMP 10003DF4
.text C:\WINDOWS\System32\S24EvMon.exe[2040] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\S24EvMon.exe[2040] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\WINDOWS\System32\S24EvMon.exe[2040] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 10003E78
.text C:\WINDOWS\System32\S24EvMon.exe[2040] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\S24EvMon.exe[2040] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\S24EvMon.exe[2040] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\S24EvMon.exe[2040] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\S24EvMon.exe[2040] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\S24EvMon.exe[2040] ws2_32.dll!connect 71A1406A 5 Bytes JMP 10003AF0
.text C:\WINDOWS\System32\S24EvMon.exe[2040] ws2_32.dll!send 71A1428A 5 Bytes JMP 10003264
.text C:\WINDOWS\System32\S24EvMon.exe[2040] ws2_32.dll!WSARecv 71A14318 5 Bytes JMP 100027F8
.text C:\WINDOWS\System32\S24EvMon.exe[2040] ws2_32.dll!recv 71A1615A 5 Bytes JMP 1000278C
.text C:\WINDOWS\System32\S24EvMon.exe[2040] ws2_32.dll!WSASend 71A16233 5 Bytes JMP 10003A9C
.text C:\WINDOWS\system32\ctfmon.exe[2092] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2092] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2092] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2092] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2092] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2092] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2092] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[2092] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Apoint2K\Apntex.exe[2268] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Apoint2K\Apntex.exe[2268] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Apoint2K\Apntex.exe[2268] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Apoint2K\Apntex.exe[2268] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Apoint2K\Apntex.exe[2268] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Apoint2K\Apntex.exe[2268] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Apoint2K\Apntex.exe[2268] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Apoint2K\Apntex.exe[2268] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\notepad.exe[2280] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\notepad.exe[2280] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\notepad.exe[2280] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\notepad.exe[2280] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\notepad.exe[2280] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\notepad.exe[2280] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\notepad.exe[2280] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\notepad.exe[2280] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2684] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2684] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2684] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2684] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2684] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2684] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2684] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\alg.exe[2684] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\00THotkey.exe[2888] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\00THotkey.exe[2888] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\00THotkey.exe[2888] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\00THotkey.exe[2888] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\00THotkey.exe[2888] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\00THotkey.exe[2888] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\00THotkey.exe[2888] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\00THotkey.exe[2888] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\TPWRTRAY.EXE[2940] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\TPWRTRAY.EXE[2940] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\TPWRTRAY.EXE[2940] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\TPWRTRAY.EXE[2940] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\TPWRTRAY.EXE[2940] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\TPWRTRAY.EXE[2940] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\TPWRTRAY.EXE[2940] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\TPWRTRAY.EXE[2940] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2984] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2984] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2984] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2984] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2984] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2984] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2984] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2984] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\TMERzCtl.EXE[3024] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\TMERzCtl.EXE[3024] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\TMERzCtl.EXE[3024] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\TMERzCtl.EXE[3024] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\TMERzCtl.EXE[3024] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\TMERzCtl.EXE[3024] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\TMERzCtl.EXE[3024] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\TMERzCtl.EXE[3024] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\TMEEJME.EXE[3060] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\TMEEJME.EXE[3060] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\TMEEJME.EXE[3060] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\TMEEJME.EXE[3060] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\TMEEJME.EXE[3060] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\TMEEJME.EXE[3060] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\TMEEJME.EXE[3060] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\TMEEJME.EXE[3060] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\TMESBS32.EXE[3072] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\TMESBS32.EXE[3072] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\TMESBS32.EXE[3072] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\TMESBS32.EXE[3072] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\TMESBS32.EXE[3072] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\TMESBS32.EXE[3072] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\TMESBS32.EXE[3072] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\TME3\TMESBS32.EXE[3072] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\TFNF5.exe[3100] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\TFNF5.exe[3100] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\TFNF5.exe[3100] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\TFNF5.exe[3100] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\TFNF5.exe[3100] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\TFNF5.exe[3100] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\TFNF5.exe[3100] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\TFNF5.exe[3100] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe[3116] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe[3116] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe[3116] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe[3116] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe[3116] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe[3116] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe[3116] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe[3116] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jusched.exe[3208] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jusched.exe[3208] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jusched.exe[3208] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jusched.exe[3208] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jusched.exe[3208] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jusched.exe[3208] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jusched.exe[3208] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Java\jre6\bin\jusched.exe[3208] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Apoint2K\Apoint.exe[3220] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Apoint2K\Apoint.exe[3220] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Apoint2K\Apoint.exe[3220] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Apoint2K\Apoint.exe[3220] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Apoint2K\Apoint.exe[3220] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Apoint2K\Apoint.exe[3220] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Apoint2K\Apoint.exe[3220] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Apoint2K\Apoint.exe[3220] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe[3232] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe[3232] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe[3232] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe[3232] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe[3232] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe[3232] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe[3232] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe[3232] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\D-Link\AirPlus G\AirGCFG.exe[3260] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\D-Link\AirPlus G\AirGCFG.exe[3260] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\D-Link\AirPlus G\AirGCFG.exe[3260] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\D-Link\AirPlus G\AirGCFG.exe[3260] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\D-Link\AirPlus G\AirGCFG.exe[3260] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\D-Link\AirPlus G\AirGCFG.exe[3260] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\D-Link\AirPlus G\AirGCFG.exe[3260] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\D-Link\AirPlus G\AirGCFG.exe[3260] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe[3352] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe[3352] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe[3352] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe[3352] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe[3352] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe[3352] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe[3352] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe[3352] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3400] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3400] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3400] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3400] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3400] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3400] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3400] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\system32\wuauclt.exe[3400] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\KEnder\Desktop\piij7ce9.exe[3532] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\KEnder\Desktop\piij7ce9.exe[3532] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\KEnder\Desktop\piij7ce9.exe[3532] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\KEnder\Desktop\piij7ce9.exe[3532] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\KEnder\Desktop\piij7ce9.exe[3532] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\KEnder\Desktop\piij7ce9.exe[3532] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\KEnder\Desktop\piij7ce9.exe[3532] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\Dokumente und Einstellungen\KEnder\Desktop\piij7ce9.exe[3532] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\1XConfig.exe[3964] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\1XConfig.exe[3964] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\1XConfig.exe[3964] ntdll.dll!NtOpenKey 7C91DD3C 5 Bytes JMP 10163DF4
.text C:\WINDOWS\System32\1XConfig.exe[3964] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\1XConfig.exe[3964] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10163C3C
.text C:\WINDOWS\System32\1XConfig.exe[3964] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 10163E78
.text C:\WINDOWS\System32\1XConfig.exe[3964] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\1XConfig.exe[3964] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\1XConfig.exe[3964] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\1XConfig.exe[3964] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\1XConfig.exe[3964] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\1XConfig.exe[3964] WS2_32.dll!connect 71A1406A 5 Bytes JMP 10163AF0
.text C:\WINDOWS\System32\1XConfig.exe[3964] WS2_32.dll!send 71A1428A 5 Bytes JMP 10163264
.text C:\WINDOWS\System32\1XConfig.exe[3964] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 101627F8
.text C:\WINDOWS\System32\1XConfig.exe[3964] WS2_32.dll!recv 71A1615A 5 Bytes JMP 1016278C
.text C:\WINDOWS\System32\1XConfig.exe[3964] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 10163A9C
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[4044] ntdll.dll!NtAccessCheckByType 7C91D3B8 5 Bytes JMP 20C287BA C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[4044] ntdll.dll!NtImpersonateClientOfPort 7C91DADB 5 Bytes JMP 20C28D81 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[4044] ntdll.dll!NtOpenKey 7C91DD3C 5 Bytes JMP 10003DF4
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[4044] ntdll.dll!NtSetInformationProcess 7C91E62D 5 Bytes JMP 20C289D4 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[4044] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003C3C
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[4044] kernel32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 10003E78
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[4044] kernel32.dll!OpenProcess 7C81E079 5 Bytes JMP 20C28495 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[4044] ADVAPI32.dll!ImpersonateNamedPipeClient 77DA7C97 5 Bytes JMP 20C28E86 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[4044] ADVAPI32.dll!SetThreadToken 77DA7E3D 5 Bytes JMP 20C2905F C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[4044] USER32.dll!FindWindowW 77D3F245 5 Bytes JMP 20C28283 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[4044] USER32.dll!FindWindowA 77D3F3C6 5 Bytes JMP 20C282B8 C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[4044] WS2_32.dll!connect 71A1406A 5 Bytes JMP 10003AF0
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[4044] WS2_32.dll!send 71A1428A 5 Bytes JMP 10003264
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[4044] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 100027F8
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[4044] WS2_32.dll!recv 71A1615A 5 Bytes JMP 1000278C
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[4044] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 10003A9C

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F41F2080] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F41F1E90] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F41F27C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F41F03D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F41F03D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F41F2080] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F41F1E90] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F41F27C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F41F2080] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F41F27C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F41F1E90] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F41F03D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F41F27C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F41F2080] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F41F1E90] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F4213480] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F41F03D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F41F2080] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F41F1E90] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F41F27C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F41F2080] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F41F03D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F41F27C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F41F1E90] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [F41E7F40] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [F41E7DB0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [F41E8170] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [F41E77B0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\System32\svchost.exe[184] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\Avira\AntiVir Desktop\avguard.exe[224] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[284] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [61A5C2F0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[284] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [61A5C2F0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[284] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [61A541D0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[284] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [61A54A20] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[284] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [61A549E0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[284] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[284] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [61A52960] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [61A5C2F0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Programme\CheckPoint\ZAForceField\ForceField.exe[288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\Java\jre6\bin\jqs.exe[356] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\svchost.exe[376] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\nvsvc32.exe[512] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\RegSrvc.exe[568] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\Analog Devices\SoundMAX\SMAgent.exe[620] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\wbem\wmiprvse.exe[656] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\svchost.exe[660] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\TOSHIBA\TME3\Tmesbs32.exe[716] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\TOSHIBA\TME3\Tmesrv31.exe[756] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\csrss.exe[1264] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 20C28385
IAT C:\WINDOWS\system32\spoolsv.exe[1268] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\winlogon.exe[1288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\services.exe[1336] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\lsass.exe[1348] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1520] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1684] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\svchost.exe[1724] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\svchost.exe[1924] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\Explorer.EXE[1960] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1972] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\S24EvMon.exe[2040] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\ctfmon.exe[2092] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\Apoint2K\Apntex.exe[2268] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\notepad.exe[2280] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\alg.exe[2684] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\00THotkey.exe[2888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\TPWRTRAY.EXE[2940] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\wbem\wmiapsrv.exe[2984] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\TOSHIBA\TME3\TMERzCtl.EXE[3024] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\TOSHIBA\TME3\TMEEJME.EXE[3060] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\TOSHIBA\TME3\TMESBS32.EXE[3072] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\TFNF5.exe[3100] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe[3116] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\Java\jre6\bin\jusched.exe[3208] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\Apoint2K\Apoint.exe[3220] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe[3232] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\D-Link\AirPlus G\AirGCFG.exe[3260] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe[3352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\system32\wuauclt.exe[3400] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\Dokumente und Einstellungen\KEnder\Desktop\piij7ce9.exe[3532] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\1XConfig.exe[3964] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)
IAT C:\WINDOWS\System32\wbem\wmiprvse.exe[4044] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [20C28385] C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm ForceField/Check Point Software Technologies)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- EOF - GMER 1.0.15 ----
Seitenanfang Seitenende
30.03.2010, 00:30
Kaithy
...neu hier

Themenstarter

Beiträge: 7
#7 Schritt 1 - Filesharing:

Hab Bittorrent schon vor 1-2 Wochen aus diesem Grund über Systemsteuerung-Software deinstalliert.


Schritt 2 - Teatimer:

Hab ich nach Anleitung deaktiviert.


Schritt 3 - Java:

Hab ich nach Anleitung deinstalliert und wieder neu installiert und aktualisiert.


Schritt 4 - Fixen mit OTL (auch hier leider keine Codetags möglich):

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3027f6f0-4483-11de-9c27-0004234f633e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3027f6f0-4483-11de-9c27-0004234f633e}\ not found.
Item F:\ is whitelisted and cannot be moved.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3027f6f0-4483-11de-9c27-0004234f633e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3027f6f0-4483-11de-9c27-0004234f633e}\ not found.
File F:\AUTORUN.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3027f6f0-4483-11de-9c27-0004234f633e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3027f6f0-4483-11de-9c27-0004234f633e}\ not found.
File F:\AUTORUN.EXE not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
Unable to delete ADS C:\WINDOWS\zllsputility_loc0407.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\winnt256.bmp:KAVICHS .
Unable to delete ADS C:\WINDOWS\winnt.bmp:KAVICHS .
Unable to delete ADS C:\WINDOWS\twunk_32.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\twunk_16.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\TMEVALDD.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ZCfgSvc.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wshde.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wowexec.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wmv9vcm.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wmpscheme.xml:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wmpns.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\winsock.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\winoldap.mod:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\winmine.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wfwnet.drv:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\vxblock.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\vjoy.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\vga.drv:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\vfpodbc.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\verifier.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\user.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\unicode.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\tssoft32.acm:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\Tsci.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\tsbyuv.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\tsappcmp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\TPWRSAVE.CPL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\TPWRSAVE.CPL.MANIFEST:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\TPWRREG.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\TPWRADAPT.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\TPSICON.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\tosmreg.ini:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\tosmreg.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\timer.drv:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\TDEVDETECT.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\system.drv:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\success:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\streamci.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\stdole32.tlb:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\stdole2.tlb:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\sqlwoa.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\sqlsodbc.chm:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\spxcoins.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\sprestrt.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\sound.drv:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\sortkey.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\sol.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\softpub.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\sndvol32.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\shell.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\senscfg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\S24MUDLL.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\S24EvMon.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rsvp.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\riched32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\RegSrvc.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rasmxs.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rasmontr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rasdial.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rasautou.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\pxinsi64.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\pxinsa64.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\pxhpinst.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\pxcpyi64.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\pxcpya64.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\PWSOCK32.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\PWIOCB32.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\PsRegApi.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\plugin.ocx:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\PfMgrApi.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\OUTLPERF.INI:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\OUTLPERF.H:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\olesvr32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\oledlg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\olecnv32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\olecli32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\oleaccrc.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\oembios.sig:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\oembios.dat:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\oembios.bin:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ocmanage.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ntvdmd.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ntsdexts.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ntdos.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\NMAPI32.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\netui2.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\netmsg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\netevent.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mycomput.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msxml3r.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msvidc32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msuni11.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mssign32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msports.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msls31.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msisip.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msisam11.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msidntld.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mshearts.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msgsm32.acm:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msg723.acm:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msg711.acm:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mscdexnt.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msacm32.drv:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mouse.drv:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mmdrv.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mindex.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\MFCO40.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mfc42loc.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mfc40loc.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mfc40.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mdimon.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mcd32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mapistub.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mapi32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\main.cpl:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\lz32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\libeay32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\LgNotify.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\l3codecx.ax:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\l_intl.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\keyboard.drv:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdus.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdkor.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdjpn.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdgr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbd106.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbd103.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbd101c.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbd101b.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kb16.com:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ir32_32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\IntelAE5.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\InsSec.scr:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\inetcplc.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\imslsp_install_loc0407.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ifsutil.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\icfgnt5.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\himem.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\getnode.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\gdi.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\freecell.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\fmifs.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\FM20DEU.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\fixmapi.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\exts.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ega.cpi:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\DSndUp.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drwtsn32.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drmclien.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\wmilib.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\usbd.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\swmidi.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\smwdm.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\secdrv.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\s24trans.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\rdpcdd.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\raspti.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\rasirda.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\rasacd.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\ptilink.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\DRIVERS\pciide.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\parvdm.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\nwlnkfwd.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\nwlnkflt.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\null.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\ndproxy.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\ndistapi.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\mouhid.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\mnmdd.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\DRIVERS\isapnp.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\ipfltdrv.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\hidusb.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\DRIVERS\ftdisk.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\fs_rec.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\fips.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\dxgthk.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\dne2000.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\dmload.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\DRIVERS\compbatt.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\cdr4_xp.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\cdaudio.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\beep.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\battc.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\audstub.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\AegisP.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\aeaudio.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\docprop.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dneinobj.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dmocx.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dmintf.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\DivXCodecUpdateChecker.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dbgeng.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\D8021Xps.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ctype.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\cseltbl.ini:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\csellang.ini:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\csellang.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\cselect.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\crtdll.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\country.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\CONFIG.TMP:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\compmgmt.msc:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\command.com:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\comm.drv:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\CleanUp.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\clb.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\charmap.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\calc.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\cacls.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\C1XStngs.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_950.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_949.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_936.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_932.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_875.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_874.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_869.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_866.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_865.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_863.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_861.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_860.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_857.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_855.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_852.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_850.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_775.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_737.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_500.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_437.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_28605.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_28599.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_28592.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_28591.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_21866.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_20866.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_20261.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_20127.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_1258.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_1257.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_1256.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_1255.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_1254.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_1253.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_1252.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_1251.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_1250.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_1026.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_10082.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_10081.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_10079.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_10029.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_10017.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_10010.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_10007.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_10006.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_10000.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\c_037.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\activeds.tlb:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\acctres.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\aaaamon.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\a3d.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\1XConfig.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\12520850.cpx:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\12520437.cpx:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\00THotkey.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\000StTHK.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\$winnt$.inf:KAVICHS .
Unable to delete ADS C:\WINDOWS\system.ini:KAVICHS .
Unable to delete ADS C:\WINDOWS\OEWABLog.txt:KAVICHS .
Unable to delete ADS C:\WINDOWS\ocgen.log:KAVICHS .
Unable to delete ADS C:\WINDOWS\mozver.dat:KAVICHS .
Unable to delete ADS C:\WINDOWS\ltremove.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\IsUninst.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\FaxSetup.log:KAVICHS .
Unable to delete ADS C:\WINDOWS\_default.pif:KAVICHS .
Unable to delete ADS C:\Programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe:KAVICHS .
Unable to delete ADS C:\Programme\TOSHIBA\TME3\Tmesrv31.exe:KAVICHS .
Unable to delete ADS C:\Programme\TOSHIBA\TME3\Tmesbs32.exe:KAVICHS .
Unable to delete ADS C:\Programme\mozilla firefox\plugins\npchime.dll:KAVICHS .
Unable to delete ADS C:\Dokumente und Einstellungen\KEnder\Startmenü\Programme\Autostart\desktop.ini:KAVICHS .
Unable to delete ADS C:\Dokumente und Einstellungen\KEnder\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini:KAVICHS .
Unable to delete ADS C:\Dokumente und Einstellungen\KEnder\Eigene Dateien\desktop.ini:KAVICHS .
Unable to delete ADS C:\Dokumente und Einstellungen\KEnder\Desktop\Word.lnk:KAVICHS .
Unable to delete ADS C:\Dokumente und Einstellungen\KEnder\Desktop\Daten.lnk:KAVICHS .
Unable to delete ADS C:\Dokumente und Einstellungen\KEnder\Anwendungsdaten\desktop.ini:KAVICHS .
Unable to delete ADS C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini:KAVICHS .
Unable to delete ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini:KAVICHS .
Unable to delete ADS C:\WINDOWS\Zapotek.bmp:KAVICHS .
Unable to delete ADS C:\WINDOWS\WMSysPrx.prx:KAVICHS .
Unable to delete ADS C:\WINDOWS\WMSysPr9.prx:KAVICHS .
Unable to delete ADS C:\WINDOWS\wmprfDEU.prx:KAVICHS .
Unable to delete ADS C:\WINDOWS\winhelp.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\vmmreg32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\vbaddin.ini:KAVICHS .
Unable to delete ADS C:\WINDOWS\vb.ini:KAVICHS .
Unable to delete ADS C:\WINDOWS\twain.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\tsoc.log:KAVICHS .
Unable to delete ADS C:\WINDOWS\TASKMAN.EXE:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wupdmgr.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wshnetbs.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wshisn.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wshatm.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\write.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wpdtrace.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wpdmtpdr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wowfaxui.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wowfax.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wowdeb.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wmvdmoe.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wmv8dmod.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wmpstub.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wmiscmgr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wmiprop.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wmimgmt.msc:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wmidx.ocx:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wmerrDEU.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\WLANDLL.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\WISPTIS.EXE:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\Wireless.ico:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\winstrm.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\winspool.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\winnls.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\winmsd.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\winhlp32.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\winhelp.hlp:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\winfax.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\winchat.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\win87em.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\win.com:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wifeman.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wiavusd.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wiasf.ax:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\webhits.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wdmioctl.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wdl.trm:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wcfg.bat:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wbdbase.sve:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wbdbase.nld:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wbdbase.ita:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wbdbase.fra:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wbdbase.esn:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wbdbase.enu:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wbdbase.deu:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wbcache.sve:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wbcache.nld:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wbcache.ita:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wbcache.fra:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wbcache.esn:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wbcache.enu:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wbcache.deu:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\wavemsp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\w32topl.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\w32tm.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\vwipxspx.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\vwipxspx.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\vssadmin.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\vss_ps.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\VSFLEX3.OCX:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\vga64k.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\vga256.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\vga.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\verifier.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ver.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\VEN2232.OLB:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\vcdex.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\vbsde.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\VBAME.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\VBAEND32.OLB:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\VBAEN32.OLB:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\VBADE32.OLB:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\v7vga.rom:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\usrvpa.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\usrvoica.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\usrv80a.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\usrv42a.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\usrsvpia.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\usrshuta.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\usrsdpia.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\usrrtosa.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\usrprbda.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\usrmlnka.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\usrlogon.cmd:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\usrlbva.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\usrfaxa.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\usrdtea.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\usrdpa.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\usrcoina.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\usrcntra.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\USB.ico:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ureg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\unlodctr.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\umdmxfrm.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ufat.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\typeperf.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\typelib.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\TWarnMsg.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\tutildel.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\tsshutdn.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\tslabels.ini:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\tslabels.h:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\tskill.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\TSDTOKEN.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\tsdiscon.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\tsd32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\tscon.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\TSCIEX.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\TSCCALL.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\tree.com:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\tracert6.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\TPWRTRAY.EXE:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\TPWRTAB.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\TPWRDEL.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\TPIDITST.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\TPIDI32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\TPIDI16.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\toolhelp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\TMESRV.HLP:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\TMEPROP.CPL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\tftp.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\termcap:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\telephon.cpl:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\tcpsvcs.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\tcmsetup.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\tcleanup.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\taskman.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\tasklist.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\taskkill.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\tapiui.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\tapiperf.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\tapi.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\systray.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\systeminfo.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\sysprtj.sep:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\sysprint.sep:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\syskey.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\sysinv.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\sysedit.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\syncapp.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\swprv.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\svcpack.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\subst.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\subrange.uce:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\storage.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\stclient.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\sqlwid.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\sprio800.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\sprio600.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\spnike.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\sort.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\SMSUnins.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\SMMedia.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\slbrccsp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\skdll.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\sisbkup.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\shiftjis.uce:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\shellstyle.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ShellNav.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\share.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\shadow.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\sfmapi.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\sfc.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\setver.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\SETUPSUB.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\setupdll.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\setup.bmp:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\serwvdrv.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\services.msc:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\serialui.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\secpol.msc:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\sdpblb.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\scrrnde.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\scriptpw.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\scripto.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\scredir.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\SCP32.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\scode.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\scardssp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\sc.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\SbrngSvc.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\SbrngAPI.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\S24TRANS:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\s24NCfg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rwinsta.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\runas.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rtm.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rsvpsp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rsvpperf.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rsvpmsg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rsvpcnts.h:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rsvp.ini:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rsopprov.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rsmui.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rsmsink.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rsm.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rsfsaps.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rsaci.rat:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rpcns4.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\routetab.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\routemon.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\route.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rnr20.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\results.txt:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\reset.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\replace.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rend.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\relog.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\regwiz.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\regini.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\regedt32.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\recover.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rdpcfgex.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\RDOCURS.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rasser.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rasrad.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rasctrs.ini:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rasctrs.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\rasctrnm.h:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\qwinsta.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\qosname.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\qappsrv.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\PWR.ICO:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\pubprn.vbs:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ptpusb.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\psnppagn.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\PsGuiMgr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\pscript.sep:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\pschdprf.ini:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\pschdprf.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\pschdcnt.h:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\prodspec.ini:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\prnqctl.vbs:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\prnport.vbs:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\prnmngr.vbs:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\prnjobs.vbs:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\prndrvr.vbs:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\prncnfg.vbs:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\print.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\prflbmsg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\PRApplet.cpl:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\Pn802_11.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\pmspl.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\plustab.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ping6.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\pifmgr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\PfWizard.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\PfMgrTool.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\perfwci.ini:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\perfwci.h:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\perfts.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\perfnw.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\perfnet.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\perfi009.dat:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\perfi007.dat:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\perffilt.ini:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\perffilt.h:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\perfd009.dat:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\perfd007.dat:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\perfci.ini:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\perfci.h:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\pentnt.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\pdf2word.DAT:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\pcl.sep:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\pathping.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\paqsp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\panmap.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\pagefileconfig.vbs:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\osuninst.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\olesvr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\olecli.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ole2nls.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ole2disp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ole2.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\odbc16gt.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\nwscript.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\nwevent.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\nwcfg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\nwc.cpl:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\nwapi32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\nwapi16.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\nw16.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ntsd.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ntmsoprq.msc:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ntmsmgr.msc:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ntmsevt.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ntlanui2.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ntlanui.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ntimage.gif:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ntdsbcli.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ntdos804.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ntdos412.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ntdos411.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ntdos404.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\nscompat.tlb:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\npwmsdrm.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\noise.tha:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\noise.sve:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\noise.nld:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\noise.ita:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\noise.fra:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\noise.esn:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\noise.enu:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\noise.eng:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\noise.deu:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\noise.dat:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\noise.cht:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\noise.chs:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\nmevtmsg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\nlsfunc.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\netware.drv:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\neth.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\netapi.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\net.hlp:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ncxpnt.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ncpa.cpl:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\nbtstat.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\narrhook.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mtxlegih.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mtxex.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mtxdm.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msxmlr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msxml2r.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msvideo.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msvcrt20.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msvcp50.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msvbvm50.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msswchx.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msswch.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\MSSTKPRP.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\MSSTDFMT.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mssip32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msrecr40.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\MSRDO20.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msrclr40.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msratelc.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msr2cenu.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msr2c.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\MSPRPDE.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msobjs.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msg.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msencode.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msdtcprf.ini:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msdtcprf.h:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\MSCOMCTL.OCX:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mscat32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msaudite.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msacm.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\msaatext.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mrinfo.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mqprfsym.h:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mqperf.ini:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mqperf.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mqoa20.tlb:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mqoa10.tlb:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mqoa.tlb:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mqgentr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mqcertui.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mprui.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mprmsg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mprdim.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mprddm.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mpnotify.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mountvol.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\more.com:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\modex.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mode.com:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mmutilse.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mmtask.tsk:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mmdriver.inf:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mll_qic.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mll_mtf.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mll_hp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mlang.dat:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mimefilt.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\migpwd.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mib.bin:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\MFC42DEU.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mfc40u.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mem.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mdwmdmsp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mdhcp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mciwave.drv:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mciseq.drv:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mciole32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mciole16.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mcicda.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mciavi.drv:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mchgrcoi.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mcdsrv32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\MAPISRVR.EXE:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\MAPI.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\mag_hook.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\lzexpand.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\lusrmgr.msc:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\lprmonui.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\lpr.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\lpq.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\logoff.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\login.cmd:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\loghours.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\lodctr.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\loadfix.com:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\lnkstub.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\lights.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\lanman.drv:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\langwrbk.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\LAN.ico:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\label.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\l_except.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\korean.uce:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\key01.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdusx.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdusr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdusl.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbduk.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdsw.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdsp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdsg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdsf.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdpo.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdno.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdnec.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdne.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdmac.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdla.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdit142.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdit.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdir.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdic.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdgr1.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdgae.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdfr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdfo.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdfi.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdfc.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdes.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbddv.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdda.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdcan.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdca.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdbr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdbene.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kbdbe.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kanji_2.uce:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\kanji_1.uce:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\jupdate-1.6.0_03-b05.log:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\jupdate-1.6.0_01-b06.log:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\jupdate-1.5.0_11-b03.log:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\jobexec.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\jgsh400.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\jgsd400.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\jgpl400.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\jgmd400.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\jgdw400.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\jgaw400.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\jet500.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\irclass.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ipxwan.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ipxsap.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ipxrtmgr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ipxrip.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ipxpromn.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ipxmontr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ipsec6.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\iprtrmgr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\iprtprio.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\iprop.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ipmontr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\iologmsg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\InstHelper.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\InsSecRc.scr:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\INKED.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\infosoft.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\inetwh32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\iissuba.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ieakui.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ideograf.uce:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\icmui.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\iassvcs.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\iassdo.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\iassam.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\iasrecst.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\iaspolcy.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\iasnap.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\iashlpr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\iasads.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\iasacct.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\HWSETUP.HLP:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\HWSETUP.CPL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\hticons.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\hostname.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\hnetmon.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\help.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\graphics.pro:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\graphics.com:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\graftabl.com:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\gpupdate.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\gpkcsp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\gpedit.msc:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\glmf32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\getuname.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\getmac.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\geo.nls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\gcdef.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\gb2312.uce:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\g711codc.ax:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ftsrch.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\fsutil.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\fsusd.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\fsmgmt.msc:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\format.com:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\forcedos.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\fontsub.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\FM20.DLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\finger.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\find.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\fde.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\fc.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\fastopen.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\expand.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\exe2bin.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\eventvwr.msc:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\eventvwr.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\eventtriggers.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\eventquery.vbs:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\eventcls.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\eula.txt:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\esentutl.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\esentprf.ini:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\esentprf.hxx:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\esentprf.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\esent97.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\EqnClass.Dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\EncHWLst:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\emptyregdb.dat:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\edlin.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\edit.hlp:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\edit.com:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dvdplay.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dssec.dat:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dsound.vxd:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dskquoui.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dsauth.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\ds16gt.dLL:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drwatson.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drmstor.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\ws2ifsl.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\vdmindvd.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\usbcamd2.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\usbcamd.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\DRIVERS\TVALG.SYS:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\DRIVERS\TVALD.SYS:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\tsbvcap.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\tosdvd.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\TMEI3E.SYS:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\smsens.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\smclib.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\rootmdm.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\RMCast.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\riodrv.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\rio8drv.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\rawwan.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\oprghdlr.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\nwlnkspx.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\nwlnknb.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\nikedrv.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\mcd.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\gmreadme.txt:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\gm.dls:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\fsvga.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\enum1394.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\dxapi.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\cpqdap01.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\cinemst2.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\cbidf2k.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\atmuni.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\atmepvc.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\drivers\acpiec.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\driverquery.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dpwsock.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dpserial.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dpnwsock.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dpnmodem.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dplay.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\doskey.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dmview.ocx:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dmdlgs.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dmconfig.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllhst3g.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\zoneoc.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\zonelibm.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\zoneclim.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\znetm.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\zeeverm.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\zcorem.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\zclientm.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wupdmgr.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wshnetbs.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wshisn.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wshde.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wshatm.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ws2ifsl.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\write.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wowexec.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wowdeb.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wmvdmoe.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wmv8dmod.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wmpvis.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wmpstub.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wmmutil.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wmmres.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wmmfilt.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wmitimep.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wmiscmgr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wmiprop.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wmipicmp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wmimsg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wmilib.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wmidx.ocx:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wmi2xml.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wmerrdeu.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wisc10.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\winstrm.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\winspool.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\winsock.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\winnls.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\winmsd.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\winmine.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\winmgmtr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\winmgmt.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\winhstb.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\winhelp.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wingb.ime:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\winfax.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\winchat.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\win87em.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wifeman.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wiavusd.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wiasf.ax:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wfwnet.drv:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\weitekp9.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\weitekp9.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\webhits.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wbemdisp.tlb:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wbemads.tlb:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wbemads.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wb32.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wavemsp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wamregps.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\wamps51.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\w3svapi.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\w3ext.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\w3ctrs51.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\w32topl.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\w32tm.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\w32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\vwipxspx.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\vwipxspx.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\vssadmin.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\vss_ps.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\vmmreg32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\vjoy.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\vgaoem.fon:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\vga64k.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\vga256.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\vga.drv:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\vga.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\verifier.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\verifier.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ver.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\vcdex.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\vbsde.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\utildll.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\user.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ureg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\updprov.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\unsecapp.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\unlodctr.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\uniansi.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\umdmxfrm.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ufat.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\typeperf.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\typelib.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\twunk_32.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\twunk_16.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\twain.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\tsshutdn.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\tsprof.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\tskill.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\tsdiscon.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\tsd32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\tscon.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\tsappcmp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\trnsprov.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\trialoc.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\traffic.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\tracert6.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\tourW.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\tools.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\toolhelp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\tmplprov.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\timer.drv:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\thawbrkr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\tftp.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\telephon.cpl:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\tdspx.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\tdipx.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\tdasync.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\tcpsvcs.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\tcmsetup.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\taskman.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\tasklist.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\taskkill.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\tapiui.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\tapiperf.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\tapi.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\systray.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\system.drv:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\syskey.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sysinv.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sysinfo.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sysedit.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\syncapp.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\swprv.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\swmidi.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\svcpack.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\subst.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\storage.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\stdole32.tlb:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\stdole2.tlb:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\stdole.tlb:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\stclient.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\status.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\srusbusd.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\srframe.mmf:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\srdiag.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\spxcoins.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\spttseng.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sprestrt.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\spcplui.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\spcommon.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sound.drv:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sort.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sol.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\softpub.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\softkey.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\snmpstup.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sndvol32.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\smtpcons.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\smimsgif.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\smierrsy.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\smierrsm.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\smclib.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\smcirda.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\smb6w.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sma3w.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sm9aw.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sm93w.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sm92w.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sm90w.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sm8dw.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sm8cw.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sm8aw.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sm89w.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sm87w.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sm81w.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sm59w.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\slbrccsp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\skdll.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sisbkup.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\simptcp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\shvlzm.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\shvlres.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\shvl.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\shell.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\share.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\shadow.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sfmapi.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sfc.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\setupdll.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\serwvdrv.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\serialui.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\senscfg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sdpblb.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\scrrnde.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\scriptpw.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\scripto.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\script.fon:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\scredir.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\scode.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\scardssp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sc.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sapisvr.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sam.spd:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\sam.sdf:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rwinsta.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rwia330.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rwia001.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rw330ext.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rw001ext.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rvsezm.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rvseres.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rvse.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\runas.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rtm.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rsvpsp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rsvpperf.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rsvpmsg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rsvp.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rsopprov.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rsmui.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rsmsink.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rsm.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rsfsaps.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rpcns4.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\routetab.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\routemon.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\route.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rootmdm.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rnr20.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rmcast.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\riched32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\reset.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\replace.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rend.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\relog.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\regwiz.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\register.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\regini.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\regedt32.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\recover.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rdpcfgex.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rdpcdd.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rawwan.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rasser.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rasrad.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\raspti.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rasmxs.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rasmontr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rasirda.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rasdial.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rasctrs.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rasautou.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\rasacd.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\r1033tts.lxa:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\qwinsta.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\quser.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\query.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\qosname.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\qappsrv.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\pubprn.vbs:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ptilink.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\psnppagn.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\pschdprf.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\prnqctl.vbs:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\prnport.vbs:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\prnmngr.vbs:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\prnjobs.vbs:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\prndrvr.vbs:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\prncnfg.vbs:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\print.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\prflbmsg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\pmxviceo.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\pmxmcro.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\pmxgl.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\pmspl.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\plustab.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\plugin.ocx:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ping6.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\pifmgr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\permchk.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\perfts.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\perfnw.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\perfnet.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\pentnt.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\pciide.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\pathping.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\parvdm.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\partmgr.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\panmap.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\pagefile.vbs:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\pagecnt.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\padrs412.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\padrs411.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\osuninst.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\olethk32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\olesvr32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\olesvr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\oledlg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\olecnv32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\olecli32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\olecli.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\oleaccrc.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\oleacc.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ole2nls.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ole2disp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ole2.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\oembios.sig:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\oembios.dat:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\OEMBIOS.CAT:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\oembios.bin:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\odbc16gt.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ocmanage.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\nwscript.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\nwlnkspx.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\nwlnknb.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\nwlnkfwd.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\nwlnkflt.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\nwevent.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\nwcfg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\nwc.cpl:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\nwapi32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\nwapi16.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\nw16.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\null.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ntvdmd.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ntsdexts.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ntsd.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ntmsevt.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ntlanui2.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ntlanui.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ntdsbcli.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ntdos804.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ntdos412.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ntdos411.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ntdos404.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ntdos.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\NT5IIS.CAT:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\notiflag.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\nmevtmsg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\nlsfunc.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\nls302en.lex:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\nextlink.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\netui2.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\netmsg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\neth.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\netevent.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\netapi.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ndproxy.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ndistapi.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ncxpnt.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ncpa.cpl:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\nbtstat.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\narrhook.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mycomput.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\MW770.CAT:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\multibox.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\muisetup.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mtxlegih.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mtxex.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mtxdm.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mtstocom.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mtsadmin.tlb:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msxmlr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msxml3r.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msxml2r.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msvideo.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msvidc32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msvcrt20.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msvcp50.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msuni11.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msswchx.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msswch.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mssoapr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mssoap1.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mssip32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mssign32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msratelc.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msr2cenu.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msr2c.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msports.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msoobe.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msobjs.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msls31.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msisip.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msisam11.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msir3jp.lex:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msir3jp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msiprov.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msinfo32.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msimsg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msihnd.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msiexec.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msidntld.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msi.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mshearts.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msg.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msdtcstp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mscdexnt.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mscat32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msaudite.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msacm.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\msaatext.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mrinfo.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mqperf.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mqoa20.tlb:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mqoa10.tlb:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mqoa.tlb:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mqgentr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mqcertui.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mprui.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mprmsg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mprdim.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mprddm.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mpnotify.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mouse.drv:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mountvol.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mouhid.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\modex.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\modern.fon:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mnmdd.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mmutilse.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mmtask.tsk:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mmdrv.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mll_qic.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mll_mtf.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mll_hp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mindex.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mimefilt.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\migisol.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mga.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mga.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mfc42deu.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mfc40u.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mfc40deu.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mfc40.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\metal_ss.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mem.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mdsync.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mdhcp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mciwave.drv:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mciseq.drv:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mciole32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mciole16.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mcicda.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mciavi.drv:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mchgrcoi.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mcdsrv32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mcd32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mcd.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\MAPIMIG.CAT:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\main.cpl:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\mag_hook.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\lzexpand.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\lz32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ltts1033.lxa:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ltsm.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\lprmonui.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\lpr.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\lpq.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\logscrpt.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\logoff.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\loghours.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\lodctr.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\lnkstub.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\lights.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\langwrbk.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\label.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\korwbrkr.lex:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\korwbrkr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\keyboard.drv:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\key01.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kdcom.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdycl.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdycc.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdvntc.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbduzb.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdusx.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdusr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdusl.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdusa.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdus.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdurdu.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdur.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbduk.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdtuq.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdtuf.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdth3.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdth2.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdth1.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdth0.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdtat.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdsyr2.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdsyr1.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdsw.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdsp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdsl1.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdsl.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdsg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdsf.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdru1.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdru.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdro.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdpo.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdpl1.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdpl.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdno.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdnecnt.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdnecat.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdnec95.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdnec.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdne.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdmon.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdmac.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdlv1.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdlv.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdlt1.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdlt.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdlk41j.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdlk41a.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdla.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdkyr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdkor.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdkaz.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdjpn.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdit142.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdit.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdir.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdintel.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdintam.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdinpun.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdinmar.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdinkan.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdinhin.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdinguj.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdindev.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdic.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdibm02.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdhu1.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdhu.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdhept.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdhela3.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdhela2.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdheb.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdhe319.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdhe220.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdhe.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdgr1.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdgr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdgkl.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdgeo.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdgae.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdfr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdfo.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdfi.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdfc.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdfa.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdest.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdes.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbddv.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbddiv2.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbddiv1.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdda.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdcz2.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdcz1.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdcz.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdcr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdcan.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdca.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdbu.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdbr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdblr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdbene.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdbe.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdazel.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdaze.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdax2.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdarmw.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdarme.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbdal.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbda3.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbda2.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbda1.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbd106n.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbd106.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbd103.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbd101c.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbd101b.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbd101a.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\kbd101.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\jupiw.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\jsde.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\jobexec.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\jgsh400.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\jgsd400.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\jgpl400.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\jgmd400.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\jgdw400.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\jgaw400.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\jet500.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\iwrps.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\isignup.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\isapnp.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\isapips.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\irclass.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ipxwan.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ipxsap.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ipxrtmgr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ipxrip.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ipxpromn.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ipxmontr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ipsec6.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\iprtrmgr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\iprtprio.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\iprop.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ipmontr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ipfltdrv.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\iologmsg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\infosoft.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\infoctrs.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\inetsloc.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\inetmgr.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\inetcplc.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\imskf.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\imskdic.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\imsinsnt.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\imkrinst.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\imjpuex.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\imjpdadm.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\imepadsv.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\imepadsm.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\imekrmig.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\imekr.lex:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\iisui.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\iissync.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\iissuba.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\iisrstap.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\iisreset.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\iismui.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\iiscrmap.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\iisclex4.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ifsutil.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ieinfo5.ocx:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ieakui.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\icwtutor.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\icwres.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\icmui.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\icfgnt5.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\iassvcs.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\iassdo.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\iassam.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\iasrecst.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\iaspolcy.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\IASNT4.CAT:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\iasnap.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\iashlpr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\iasads.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\iasacct.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\hwxkor.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\hwxjpn.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\hwxcht.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\htrn_jis.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\hrtzzm.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\hrtzres.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\hrtz.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\HPCRDP.CAT:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\hostname.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\home_ss.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\hnetmon.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\hlink.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\himem.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\hidusb.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\hhctrlui.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\helphost.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\help.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\hcappres.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\hanjadic.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\hanja.lex:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\gpupdate.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\gpkcsp.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\glmf32.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\getuname.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\getmac.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\gdi.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\gcdef.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\g711codc.ax:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\fxssend.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\fxsroute.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\fxsclntr.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\fxscfgwz.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\fwdprov.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ftsrch.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ftpsapi2.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ftpctrs2.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\ftlx041e.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\fsutil.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\fsusd.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\fsconins.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\fs_rec.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\freecell.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\framdit.ttf:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\framd.ttf:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\forcedos.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\fontsub.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\fmifs.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\flattemp.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\fixmapi.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\fips.sys:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\finger.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\find.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\fde.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\fc.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\fastopen.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\f3ahvoas.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\exts.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\expand.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\exe2bin.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\EXCH_smtpsvc.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\EXCH_smtpsnap.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\EXCH_smtpapi.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\EXCH_smtpadm.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\EXCH_seos.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\EXCH_seo.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\EXCH_scripto.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\EXCH_rwnh.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\EXCH_aqueue.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\evtrig.exe:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\evtquery.vbs:KAVICHS .
Unable to delete ADS C:\WINDOWS\System32\dllcache\eventvwr.exe:KAVICHS .
ADS C:\WINDOWS\System32\dllcache\eventcls.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\et4000.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\esunid.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\esuimgd.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\esucmd.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\esentutl.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\esentprf.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\esent97.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\eqnclass.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\edlin.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\edb500.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\e100b325.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dxgthk.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dxapi.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dwil1033.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dsprov.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dskquoui.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dsauth.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\ds16gt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\drwtsn32.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\drwatson.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\drvqry.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\drmstor.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\drmclien.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dpwsock.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dpserial.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dpnwsock.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dpnmodem.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dplay.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\doskey.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dosapp.fon:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\docprop.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dmview.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dmocx.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dmload.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dmintf.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dmdskres.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dmdlgs.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dmconfig.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dllhst3g.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dispex.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\diskperf.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\diskcopy.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dimap.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\diactfrm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dhcpsapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dhcpmon.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dgsetup.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dgrpsetu.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dfrgres.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\deskperf.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\deskmon.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\deskadp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\debug.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\ddeml.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dcomcnfg.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\dbgeng.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\datime.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\d3dxof.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\d3drm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\d3dramp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\d3dpmesh.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\d3dim.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\ctl3dv2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\ctl3d32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\csseqchk.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\crtdll.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\cprofile.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\country.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\counters.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\convlog.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\convert.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\controt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\control.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\console.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\confmsp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\comsnap.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\comsetup.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\comrereg.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\comrepl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\compobj.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\compact.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\comp.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\commdlg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\comcat.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\comaddin.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\cnvfat.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\cnetcfg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\cmpbk32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\cmnresm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\cmnclim.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\clb.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\class_ss.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\ckcnv.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\cidaemon.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\cic.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\ciadmin.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\chtbrkr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\chsbrkr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\chkrzm.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\chkrres.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\chkr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\chkntfs.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\chkdsk.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\chgusr.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\chgport.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\chglogon.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\charmap.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\change.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\certmap.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\cdmodem.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\ccfgnt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\cb32.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\cards.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\capesnpn.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\cap7146.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\calc.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\cacls.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\c_iscii.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\c_is2022.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\c_g18030.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\brpinfo.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\browscap.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\bootvrfy.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\bootvid.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\bootok.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\bootcfg.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\bnts.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\blue_ss.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\beep.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\bckgzm.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\bckgres.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\bckg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\avwav.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\avtapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\avmeter.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\avifile.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\avicap32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\avicap.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\autodisc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\authfilt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\attrib.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\atrace.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\atmuni.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\atmpvcno.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\atmepvc.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\atkctrs.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\asr_ldm.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\asptxn.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\aspperf.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\arp.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\append.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\apcups.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\ansi.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\agt0c0a.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\agt0816.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\agt0804.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\agt041f.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\agt041d.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\agt0419.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\agt0416.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\agt0415.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\agt0414.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\agt0413.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\agt0412.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\agt0411.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\agt0410.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\agt040e.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\agt040d.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\agt040c.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\agt040b.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\agt0409.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\agt0408.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\agt0407.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\agt0406.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\agt0405.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\agt0404.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\agt0401.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\adsnw.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\adsnds.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\adrot.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\adptif.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\admxprox.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\activeds.tlb:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\acledit.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\acctres.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\aaaamon.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\a3d.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\12520850.cpx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dllcache\12520437.cpx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dispex.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\diskperf.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\diskmgmt.msc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\diskcopy.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\diskcopy.com:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\diskcomp.com:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dimap.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\diactfrm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dhcpsapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dhcpmon.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dgsetup.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dgrpsetu.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dfrg.msc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\devmgmt.msc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\deskperf.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\deskmon.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\deskadp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\debug.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ddeml.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dcomcnfg.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dbmsvinn.dLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dbmsadsn.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\datime.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\d3dxof.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\d3drm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\d3dramp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\d3dpmesh.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\d3dim.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\csseqchk.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\convert.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\control.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\console.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\confmsp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CONFIG.NT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\comsnap.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\comrepl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\compobj.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\compact.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\comp.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\commdlg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\comcat.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\comaddin.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cnvfat.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CNMVS79.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CNMLM79.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cnetcfg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cmpbk32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cmos.ram:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cmmgr32.hlp:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cmdlib.wsc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cliconf.chm:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ckcnv.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cidaemon.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cic.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ciadv.msc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\chkntfs.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\chkdsk.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\chcp.com:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Channels anzeigen.scf:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\certmgr.msc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cdmodem.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ccfgnt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\capesnpn.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_28598.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_28597.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_28595.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\C_28594.NLS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_28593.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\c_20905.nls:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\bopomofo.uce:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\bootvrfy.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\bootok.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\bootcfg.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\bios4.rom:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\bios1.rom:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\avwav.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\avtapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\avmeter.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\avifile.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\avicap32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\avicap.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\AUTOEXEC.NT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\autodisc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\attrib.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\atrace.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\atmpvcno.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\atkctrs.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ATHPRXY.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\asr_ldm.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\arp.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\append.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\apcups.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ansi.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\amcompat.tlb:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\adsnw.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\adsnds.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\adptif.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\AdHocWiz.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\acledit.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\acelpdec.ax:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\WFWNET.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\VGA.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\VER.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\TIMER.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\TAPI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\SYSTEM.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\stdole.tlb:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\SOUND.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\SHELL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\setup.inf:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\OLESVR.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\OLECLI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\MSVIDEO.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\MOUSE.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\MMTASK.TSK:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\MCIWAVE.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\MCISEQ.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\MCIAVI.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\LZEXPAND.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\KEYBOARD.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\COMMDLG.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\AVIFILE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\AVICAP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\svcpack.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\SetupWLD.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\setuplog.txt:KAVICHS deleted successfully.
ADS C:\WINDOWS\setuperr.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\setupact.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\sessmgr.setup.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Seifenblase.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\Santa Fe-Stuck.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\Rhododendron.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\regopt.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\REGLOCS.OLD:KAVICHS deleted successfully.
ADS C:\WINDOWS\Präriewind.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\pdf2rtf.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\ODBCINST.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\ODBC.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\ocmsn.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\ntdtcsetup.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\msmqinst.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\msgsocm.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\msdfmap.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\ModemLog_TOSHIBA Software Modem AMR.txt:KAVICHS deleted successfully.
ADS C:\WINDOWS\KB893803v2.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Kaffeetasse.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\IsUn0407.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\iis6.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Granit.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\Feder.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\Fächer.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\explorer.scf:KAVICHS deleted successfully.
ADS C:\WINDOWS\DtcInstall.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\DirectX.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\comsetup.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\clock.avi:KAVICHS deleted successfully.
ADS C:\WINDOWS\chipset.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Blaue Spitzen 16.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\Angler.bmp:KAVICHS deleted successfully.
ADS C:\Programme\mozilla firefox\plugins\NPOFFICE.DLL:KAVICHS deleted successfully.
ADS C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE:KAVICHS deleted successfully.
ADS C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\wmsetup.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\win.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\wiaservc.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wpa.dbl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FNTCACHE.DAT:KAVICHS deleted successfully.
ADS C:\WINDOWS\setupapi.log.0.old:KAVICHS deleted successfully.
ADS C:\WINDOWS\SchedLgU.Txt:KAVICHS deleted successfully.
ADS C:\WINDOWS\bootstat.dat:KAVICHS deleted successfully.
ADS C:\Dokumente und Einstellungen\KEnder\ntuser.ini:KAVICHS deleted successfully.
ADS C:\Dokumente und Einstellungen\KEnder\Lokale Einstellungen\Anwendungsdaten\IconCache.db:KAVICHS deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Desktop\ZoomBrowser EX.lnk:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pxwave.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\px.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Drivers\PxHelp20.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\Windows Update.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WiFiAdap.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WConfig.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\utildll.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\traffic.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Thci.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pxsfs.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pxmas.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pxdrv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pxafs.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\olethk32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\oleacc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msimsg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msihnd.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msiexec.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LsaWrApi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kdcom.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\jsde.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\imsinstall_loc0407.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\hlink.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\partmgr.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\cdralw2k.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dmdskres.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dfrgres.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ctl3d32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ciadmin.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cards.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\bootvid.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\00THotkey.exe.manifest:KAVICHS deleted successfully.
ADS C:\Programme\TOSHIBA\TME3\TMERzCtl.EXE:KAVICHS deleted successfully.
ADS C:\Dokumente und Einstellungen\KEnder\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT:KAVICHS deleted successfully.
ADS C:\Dokumente und Einstellungen\KEnder\Desktop\Mozilla Firefox.lnk:KAVICHS deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Dokumente\desktop.ini:KAVICHS deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk:KAVICHS deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Desktop\InterVideo WinDVD 4.lnk:KAVICHS deleted successfully.
Unable to delete ADS C:\boot.ini:KAVICHS .
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: KEnder
->Temp folder emptied: 26731825 bytes
->Temporary Internet Files folder emptied: 23688241 bytes
->Java cache emptied: 50602337 bytes
->FireFox cache emptied: 86208401 bytes
->Flash cache emptied: 48929 bytes

User: LocalService
->Temp folder emptied: 1061560 bytes
->Temporary Internet Files folder emptied: 84344 bytes

User: NetworkService
->Temp folder emptied: 1061560 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1119339 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1227464 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 183,00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 03292010_235524

Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\KEnder\Lokale Einstellungen\Temp\~DFAABC.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT00bf9.TMP not found!

Registry entries deleted on Reboot...



Der Neustart wurde durchgeführt.


Schritt 5 - Malwarebites:

Quickscan wurde durchgeführt, 3 Ergebnisse mit Entfernen und Neustart:

Code

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3930

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

30.03.2010 00:12:39
mbam-log-2010-03-30 (00-12-39).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 100921
Laufzeit: 5 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Nach dem Neustart hat Antivir den Trojaner aber immer noch gemeldet.

Danke inzwischen für die Hilfe und vor allem für die ausführlichen Anweisungen!
Seitenanfang Seitenende
30.03.2010, 18:39
Swisstreasure
Moderator

Beiträge: 5694
#8 Schritt 1

Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.
BleepingComputer
ForoSpyware**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**




• Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
• Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
• Bitte füge das C:\ComboFix.txt Log in deiner Antwort im Forum bei, so dass wir uns diese analysieren können.

Schritt 2

F-Secure Onlinescanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
• Unterstützte Betriebssysteme: Windows 2000, Windows XP und Windows Vista (32bit)
Bitte den Internet Explorer unbedingt mit Rechtsklick auf das Icon und als Administrator starten.
• Einen Haken bei "I have read and accepted the license terms".
• Den Button "Install" drücken.
• IE-User müssen die Installation des ActiveX Elements erlauben und auf "Installieren" klicken.
• Firefox-User müssen die Installation des Firefox Addons erlauben und anschließend den Firefox neu starten.
• Den Button "Start" drücken.
• "Full Scan" einstellen und den Button "Start" drücken.
• Die Signaturen werden heruntergeladen.
• Der Scan beginnt automatisch.
• Scanende (Finish).
• Bei Funden benutze => Automatische Bereinigung (Automatically)
• und klicke auf den Button "Next".
• Bericht anzeigen, indem Du auf den Button "Full report" klickst.
• Menü => Datei => Seite speichern unter
Dateityp auf Textdatei umstellen und
• auf dem Desktop als f-secure.txtspeichern.
• Log hier posten.Deinstallation
Firefox:
Addon über Extras => F-Secure deinstallieren.


Schritt 3

ADS Spy
lade: ADSSpy auf den Desktop

- Entzippen
- Quick scan
- Ignore system info data streams
- Calculate MD5 checksums of streams' contents

wenn der Scan beendet ist, klicke mit der rechten Maustaste auf das Fenster
Save scan results to disk

nenne die textdatei (z.B) scan.txt -> speichern
nun erscheint auf dem Bildschirm : ADS Spy -> mit der rechten maustaste den Text markieren -> kopieren -> im Forum, wo du einen Beitrag eroeffnet hast -> einfuegen
Seitenanfang Seitenende
30.03.2010, 23:00
Kaithy
...neu hier

Themenstarter

Beiträge: 7
#9 Schritt 1 - ComboFix:

Code

ComboFix 10-03-29.04 - KEnder 30.03.2010  19:08:09.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.49.1031.18.511.293 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\KEnder\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokume~1\KEnder\LOKALE~1\oqpe.bak
F:\Autorun.inf

.
(((((((((((((((((((((((   Dateien erstellt von 2010-02-28 bis 2010-03-30  ))))))))))))))))))))))))))))))
.

2010-03-29 22:05 . 2010-03-29 22:05    --------    d-----w-    c:\dokumente und einstellungen\KEnder\Anwendungsdaten\Malwarebytes
2010-03-29 22:05 . 2010-03-29 13:24    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:05 . 2010-03-29 22:05    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-03-29 22:05 . 2010-03-29 22:05    --------    d-----w-    c:\programme\Malwarebytes' Anti-Malware
2010-03-29 22:05 . 2010-03-29 13:24    20824    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-03-29 21:45 . 2010-03-29 21:45    --------    d-----w-    C:\_OTL
2010-03-29 21:41 . 2010-03-29 21:41    --------    d-----w-    c:\programme\Gemeinsame Dateien\Java
2010-03-29 21:39 . 2010-03-29 21:39    --------    d-----w-    c:\programme\Java
2010-03-26 18:19 . 2010-03-26 20:39    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-03-26 18:19 . 2010-03-26 18:30    --------    d-----w-    c:\programme\Spybot
2010-03-26 17:57 . 2009-03-30 08:33    96104    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2010-03-26 17:57 . 2009-02-13 10:29    22360    ----a-w-    c:\windows\system32\drivers\avgntmgr.sys
2010-03-26 17:57 . 2009-02-13 10:17    45416    ----a-w-    c:\windows\system32\drivers\avgntdd.sys
2010-03-26 17:57 . 2010-03-26 17:57    --------    d-----w-    c:\programme\Avira
2010-03-26 17:57 . 2010-03-26 17:57    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2010-03-17 23:08 . 2010-03-17 23:08    --------    d-----w-    c:\dokumente und einstellungen\KEnder\Anwendungsdaten\CheckPoint
2010-03-17 23:07 . 2010-03-17 23:07    --------    d-----w-    c:\programme\CheckPoint
2010-03-17 23:07 . 2009-12-04 15:34    1238408    ----a-w-    c:\windows\system32\zpeng25.dll
2010-03-17 23:05 . 2008-01-17 17:59    713216    -c----w-    c:\windows\system32\dllcache\sxs.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-30 17:24 . 2008-05-15 17:22    5215609    ----a-w-    c:\windows\Internet Logs\tvDebug.Zip
2010-03-30 17:21 . 2007-03-12 16:10    --------    d-----w-    c:\dokumente und einstellungen\KEnder\Anwendungsdaten\Skype
2010-03-29 22:19 . 2007-03-12 22:06    44264    ----a-w-    c:\dokumente und einstellungen\KEnder\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-03-29 21:40 . 2010-03-29 21:40    503808    ----a-w-    c:\dokumente und einstellungen\KEnder\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24fcd868-n\msvcp71.dll
2010-03-29 21:40 . 2010-03-29 21:40    499712    ----a-w-    c:\dokumente und einstellungen\KEnder\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24fcd868-n\jmc.dll
2010-03-29 21:40 . 2010-03-29 21:40    348160    ----a-w-    c:\dokumente und einstellungen\KEnder\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24fcd868-n\msvcr71.dll
2010-03-29 21:40 . 2010-03-29 21:40    61440    ----a-w-    c:\dokumente und einstellungen\KEnder\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2b88401a-n\decora-sse.dll
2010-03-29 21:40 . 2010-03-29 21:40    12800    ----a-w-    c:\dokumente und einstellungen\KEnder\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2b88401a-n\decora-d3d.dll
2010-03-29 21:39 . 2010-01-29 15:52    411368    ----a-w-    c:\windows\system32\deploytk.dll
2010-03-29 17:33 . 2001-08-23 11:00    71994    ----a-w-    c:\windows\system32\perfc007.dat
2010-03-29 17:33 . 2001-08-23 11:00    409192    ----a-w-    c:\windows\system32\perfh007.dat
2010-03-26 20:57 . 2007-03-12 14:30    --------    d--h--w-    c:\programme\InstallShield Installation Information
2010-03-26 20:54 . 2007-03-12 16:58    --------    d-----w-    c:\programme\Ahead
2010-03-26 20:53 . 2007-04-13 10:46    --------    d-----w-    c:\dokumente und einstellungen\KEnder\Anwendungsdaten\BitTorrent
2010-03-26 20:53 . 2007-04-13 10:44    --------    d-----w-    c:\programme\BitTorrent
2010-03-26 20:52 . 2007-03-12 16:41    --------    d-----w-    c:\programme\Gemeinsame Dateien\Adobe
2010-03-21 14:28 . 2007-03-12 16:46    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer
2010-03-21 14:26 . 2008-12-08 18:50    --------    d-----w-    c:\programme\HartlauerFotoService
2010-03-17 23:07 . 2007-03-12 15:23    4212    ---ha-w-    c:\windows\system32\zllictbl.dat
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2009-09-02 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"nwiz"="nwiz.exe" [2002-12-12 438272]
"00THotkey"="c:\windows\System32\00THotkey.exe" [2003-02-11 249856]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"Tpwrtray"="TPWRTRAY.EXE" [2003-01-17 221184]
"TMESRV.EXE"="c:\programme\TOSHIBA\TME3\TMESRV31.EXE" [2003-02-12 110592]
"TMERzCtl.EXE"="c:\programme\TOSHIBA\TME3\TMERzCtl.EXE" [2003-02-12 57344]
"TMEEJME.EXE"="c:\programme\TOSHIBA\TME3\TMEEJME.EXE" [2003-02-12 49152]
"TMESBS.EXE"="c:\programme\TOSHIBA\TME3\TMESBS32.EXE" [2003-02-12 65536]
"TFNF5"="TFNF5.exe" [2001-09-04 69632]
"TosHKCW.exe"="c:\programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 49152]
"ZCfgSvc.exe"="c:\windows\System32\ZCfgSvc.exe" [2006-08-03 639040]
"PRONoMgr.exe"="c:\programme\Intel\NCS\PROSet\PRONoMgr.exe" [2005-07-07 135168]
"Apoint"="c:\programme\Apoint2K\Apoint.exe" [2002-12-25 159744]
"ANIWZCS2Service"="c:\programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
"D-Link AirPlus G"="c:\programme\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 1544192]
"ZoneAlarm Client"="c:\programme\Zone Labs\ZoneAlarm\zlclient.exe" [2009-12-04 1037192]
"ISW"="c:\programme\CheckPoint\ZAForceField\ForceField.exe" [2009-10-27 730480]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2006-08-03 02:20    188482    ----a-w-    c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.SYS [12.03.2007 17:05 5760]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programme\Avira\AntiVir Desktop\sched.exe [26.03.2010 19:57 108289]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\programme\CheckPoint\ZAForceField\ISWKL.sys [27.10.2009 17:58 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\programme\CheckPoint\ZAForceField\ISWSVC.exe [27.10.2009 17:58 476528]
R2 Tmesbs;Tmesbs32;c:\programme\Toshiba\TME3\TMESBS32.EXE [12.03.2007 17:05 65536]
R2 Tmesrv;Tmesrv3;c:\programme\Toshiba\TME3\TMESRV31.EXE [12.03.2007 17:05 110592]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.oebb.at/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\KEnder\Anwendungsdaten\Mozilla\Firefox\Profiles\ctg8c2nv.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - derstandard.at
FF - component: c:\programme\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\dokumente und einstellungen\KEnder\Anwendungsdaten\Mozilla\Firefox\Profiles\ctg8c2nv.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\dokumente und einstellungen\KEnder\Anwendungsdaten\Mozilla\Firefox\Profiles\ctg8c2nv.default\extensions\safeview@cdisys.com\platform\WINNT_x86-msvc\plugins\npSafeview3.dll
FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npchime.dll

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-30 19:19
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1284)
c:\windows\System32\LgNotify.dll
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(1340)
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'explorer.exe'(3708)
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\programme\TOSHIBA\TME3\TMEEJMD.DLL
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\S24EvMon.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Cisco Systems\VPN Client\cvpnd.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\windows\System32\RegSrvc.exe
c:\programme\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\1XConfig.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TPWRTRAY.EXE
c:\windows\system32\TFNF5.exe
c:\programme\Apoint2K\Apntex.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-03-30  19:27:37 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-03-30 17:27

Vor Suchlauf: 8 Verzeichnis(se), 11.909.058.560 Bytes frei
Nach Suchlauf: 9 Verzeichnis(se), 12.625.068.032 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 407BC3AECF2EA4B05FE4CA7A4C9CE447
Schritt 2 - F-Secure-Scan:

Code

Scanbericht
Dienstag, März 30, 2010 20:07:37 - 21:08:51

Name des Computers: KATHARINA
Scantyp: Scansystem für Malware, Spyware und Rootkits
Ziel: C:\ D:\ F:\
1 Malware gefunden
TrackingCookie.Doubleclick (Spyware)

    * System (Desinfiziert) 

Statistik
Gescannt:

    * Dateien: 35424
    * System: 2960
    * Nicht gescannt: 8 

Aktionen:

    * Desinfiziert: 1
    * Umbenannt: 0
    * Gelöscht: 0
    * Nicht bereinigt: 0
    * Übermittelt: 0 

Nicht gescannte Dateien:

    * C:\PAGEFILE.SYS
    * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    * C:\WINDOWS\SYSTEM32\CONFIG\SAM
    * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    * C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE
    * C:\DOKUMENTE UND EINSTELLUNGEN\KENDER\ANWENDUNGSDATEN\CHECKPOINT\ZONEALARM TOOLBAR\SITES 

Optionen
Scan-Engines:

Scanoptionen:

    * Festgelegte Dateien scannen: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
    * Erweiterte Heuristik verwenden

      Copyright © 1998-2009 Produktsupport | Virusbeispiel an F-Secure senden
      F-Secure übernimmt keine Verantwortung für Material, das von Drittparteien erstellt oder veröffentlicht wurde, die mit den WWW-Seiten von F-Secure verlinkt sind. Falls von Ihnen nicht ausdrücklich anders angegeben, stimmen Sie durch das Übermitteln von Material auf einen unserer Server, zum Beispiel per E-Mail oder über F-Secure CGI E-Mail, zu, dass das von Ihnen zur Verfügung gestellte Material auf den WWW-Seiten von F-Secure oder in gedruckten Publikationen von F-Secure veröffentlicht werden darf. Sie gelangen auf die öffentliche Website von F-Secure, indem Sie auf unterstrichene Links klicken. Dabei wird Ihr Zugriff in unserer privaten Zugriffsstatistik mit Ihrem Domänennamen protokolliert. Diese Informationen werden nicht an Dritte weitergeleitet. Sie erklären sich damit einverstanden, in Zusammenhang mit von Ihnen übermitteltem Material keine rechtlichen Schritte gegen uns einzuleiten. Falls von Ihnen nicht ausdrücklich anders angegeben, berechtigen Sie F-Secure durch die Übermittlung von Material, alle darin beschriebenen Konzepte in Produkten oder Publikationen von F-Secure zu veröffentlichen, ohne dass F-Secure dafür verantwortlich zeichnet.
Schritt 3 - ADS Spy-Scan:

Code

Scan complete, found 0 alternate data streams (ADS's)
Seitenanfang Seitenende
30.03.2010, 23:23
Kaithy
...neu hier

Themenstarter

Beiträge: 7
#10 Und mittlerweile meldet Antivir den Trojaner nicht mehr und auch die Updates funktionieren wieder.
Seitenanfang Seitenende
31.03.2010, 18:19
Swisstreasure
Moderator

Beiträge: 5694
#11 Schritt 1

Combofix deinstallieren

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking (Norton) und Anti-Malware Programme deaktivieren.

Start => Ausführen (bei Vista (Windows-Taste + R) => dort reinschreiben Combo-Fix.exe /u => Enter drücken - damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch daraus die Schädlinge verschwinden. Es wird ein neuer Systemwiederherstellungspunkt erstellt. Gleichzeitig setzt Combofix die Zeiteinstellungen wieder auf die Ursprungseinstellungen, und setzt die Systemeinstellungen wieder so zurück, dass Dateierweiterungen und Systemdateien versteckt sind, was Du bei Bedarf im Explorer unter Extras => Ordneroptionen aber wieder ändern bzw. Deinen persönlichen Vorlieben entsprechend anpassen kannst.

Schritt 2

Tool-Bereinigung mit OTL

• Doppelklick auf OTL.exe, um das Programm auszuführen.
• Klicke auf den Button CleanUp! und bestätige die Cleanup Prozedur mit Yes.
• OTL fragt nach einem Neustart, lasse das bitte zu.


Nach dem Neustart werden OTL selbst und die meisten anderen Helferprogramme, die wir im Laufe der Bereinigung benutzt haben, nicht mehr vorhanden sein. Evtl. nun noch vorhandene Helferprogramme oder Logfiles bitte manuell löschen und den Papierkorb leeren.

Schritt 3

Windows Update

Dein Windows und der Internet-Explorer sind nicht auf dem neuesten Stand. Besuche die Windows-Update Seite und lasse alle wichtigen Updates installieren, die Dir über die benutzerdefinierte Suche angeboten werden.

Auch wenn Du den Internet Explorer nicht als Hauptbrowser nutzt, empfehle ich Dir, den Internet Explorer 8 zu installieren. Browser sicher konfigurieren: IE 6 - IE 7.

Schritt 4

Programme updaten

Du verwendest zum Teil veraltete Software, die Sicherheitslücken auf deinem System bildet, durch die Malware eindringen kann. Alle Software, die du auf deinem Rechner hast, muss regelmäßig geupdatet werden, auch dann, wenn du sie nicht verwendest. Eine einfache Möglichkeit, diese Software Updates zu überwachen, bietet der Secunia Inspektor.



Noch Fragen?
Seitenanfang Seitenende
05.04.2010, 23:36
Kaithy
...neu hier

Themenstarter

Beiträge: 7
#12 Vielen vielen Dank für die Hilfe!!

Mit den Updates war ich extrem nachlässig - werd versuchen mich zu bessern, damit mir das nicht nochmal passiert.
Seitenanfang Seitenende
06.04.2010, 18:11
Swisstreasure
Moderator

Beiträge: 5694
#13 Nachsorge


Um Dein System vor Malware zu schützen, gebe ich Dir im Anschluss eine Kurzversion mit Tipps und Hinweisen auf Tools, die Dir helfen werden, Dein System abzusichern und in Zukunft frei von Infektionen zu halten. Wenn Dein System infiziert war, rate ich Dir, Deine Passwörter zu ändern. Bitte betrachte die Tipps als Vorschläge und nicht als Nonplusultra ;).

Erstelle einen neuen Systemwiederherstellungspunkt

Das ist ein guter Zeitpunkt, die Systemwiederherstellung zu leeren und einen neuen sauberen Wiederherstellungspunkt zu erstellen (Anleitung für Vista-User).
• Start => Alle Programme => Zubehör => Systemprogramme => Systemwiederherstellung
• Wähle "Einen Wiederherstellungspunkt erstellen" => Weiter
• Gebe als Beschreibung z. B. "Nach_Bereinigung" ein => Erstellen => Schließen.
• Nun Start => Ausführen => cleanmgr (reinschreiben) => OK => Reiter Weitere Optionen
• Klicke unter Systemwiederherstellung auf Bereinigen und bestätige das Löschen mit Ja => OK.
Das wird alle Wiederherstellungspunkte bis auf den letzten neu erstellten löschen.

Diesen Punkt kannst Du weglassen, falls Du das System gerade neu aufgesetzt hast oder Combofix benutzt und ordentlich deinstalliert wurde, da Combofix das schon erledigt.

Massnahmen:

Um Dein System vor Malware zu schützen, gebe ich Dir im Anschluss eine Kurzversion mit Tipps und Hinweisen auf Tools, die Dir helfen werden, Dein System abzusichern und in Zukunft frei von Infektionen zu halten. Wenn Dein System infiziert war, rate ich Dir, Deine Passwörter zu ändern. Bitte betrachte die Tipps als Vorschläge und nicht als Nonplusultra ;).

Falls bei Dir noch nicht installiert, solltest Du Dir die folgenden Programme installieren. Spybot Search&Destroy ist ein gutes Tool, welches bösartige Software sucht und unschädlich macht. Bei der Installation darauf achten, dass der TeaTimer nicht aktiviert wird. Lasse das Tool in regelmäßige Abständen (z. B. einmal pro Woche) laufen und lasse vor der Überprüfung immer nach Updates suchen, Details siehe ausführliche Anleitung. Um Dein System frei von temporären Dateien zu halten, empfehle ich [url="http://www.[url="http://www.CCleaner.de"]CCleaner[/url].de"][url="http://www.CCleaner.de"]CCleaner[/url][/url], (Toolbar nicht mitinstallieren) eine Freeware-Software zur Optimierung und zum Aufräumen von Windows, Einzelheiten siehe die Anleitung von Hijackthis-Forum.de. Bei Java (Sun) immer nur die aktuellste Version auf dem Rechner haben, alle anderen deinstallieren.

Verwende einen alternativen Browser, ich empfehle Firefox. Es gibt eine große Anzahl von Erweiterungen, wie z. B. Adblock Plus und NoScript. Mit der Erweiterung IE Tab ist sogar das Windows- und Office-Upate über Firefox möglich. Die Erweiterung QuickJava sorgt dafür, dass Du Java und Java-Skript nur bei Bedarf einschalten kannst. Eine alternatives E-Mail-Programm ist Thunderbird. Auch dafür gibt es viele sehr gute Erweiterungen.

Als Alternative für die ganzen Messenger kommen Miranda-IM oder Trillian infrage. Miranda ist ein malwarefreier OpenSource Instant-Messenger, der mit Protokollen von AOL, ICQ, IRC, MSN und Yahoo zusammen arbeitet. Mit dem ebenfalls malwarefreien Trillian kannst du mit Nutzern von ICQ, AIM, Yahoo Messenger, MSN und IRC chatten.

"Wie konnte die Malware auf meinen Rechner kommen?", ist die wohl am häufigsten gestellte Frage. Malware gelangt in erster Linie über sogenannte Browser Exploits auf einen Rechner, also über Sicherheitslücken im Browser selbst. Weitere Schleusen sind E-Mail-Anhänge, Lecks im Betriebssystem oder Dateidownloads aus unsicheren Quellen.

Durch Einsatz Deines Köpfchens und folgende simple Maßnahmen kannst Du den Schutz optimieren:

• System immer auf aktuellem Stand halten (Windows Update regelmäßig machen und Software aktualisieren).
• Programme wenn möglich "benutzerdefiniert" installieren und Toolbars und Sponsoren abwählen.
• Internet Explorer sicher konfigurieren.
• Nur Original-Software nutzen und auf Programme aus dubiosen Quellen konsequent verzichten.
• Programme, die Du nicht mehr nutzt, über Systemsteuerung => Software entfernen/deinstallieren.
• Nicht alles anklicken, wo klickmich draufsteht!
• Gesunden Menschenverstand und Vorsicht walten lassen,
• insbesondere bei Dateien, die Du Dir auf den PC holst, also E-Mails, Downloads etc.,
• am besten auf Filesharing über P2P-Programme ganz verzichten.
• Router durch Vergabe eines Kennwortes vor Änderungen von außen schützen.
• Nicht benötigte Dienste und Programme gar nicht erst starten.
Bezüglich der Dienste ist es allerdings nötig, sich damit ausführlich zu beschäftigen, ansonsten die Dienste lieber lassen, wie sie sind.
• Nicht benötigte "Ports" (am eventuell vorhandenen DSL-Router), Freigaben u. ä. schließen.
Port-Scan-Test.
WLAN absichern.
Sichere Passwörter vergeben.
• Nicht mehr als einen Virenscanner mit Hintergrundwächter installieren.
• Nicht mehr als ein Antispyware-Programm mit Hintergrundwächter ständig laufen lassen.
• Das System hin und wieder zusätzlich mit einem dieser kostenlosen Online Scanner überprüfen.
• Datensicherung nicht vergessen!
Immer eine saubere Datensicherung als zurückspielbares Image auf Lager haben.


Freiwillige Spende
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 1