Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: SweetPacks IM , Yourfile Downloader

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 07.10.2012, 00:38   #1
holzdan
 
SweetPacks IM , Yourfile Downloader - Standard

SweetPacks IM , Yourfile Downloader



Hallo.
Da mir die Lizenz fuer meine Internet Security Suite verfallen ist war ich nun eine Zeit lang ohne Schutz im Netz unterwegs.Da hat es nicht lange gedauert und ich hatte schon verschiedene toolbars wie babylon , pc beschleunigen tool usw auf der Platte.Auch Sweet Packs IM und yourfile downloader obwohl ich mich nicht erinnern konnte sowas je installiert zu haben.Habe nun Sweet Packs und yourfile downloader , babylon deinstalliert doch ich werde einfach das Gefuehl nicht los dass noch irgendwas übrig ist da mein System wirklich ungalublich langsam läuft seitdem mir diese "Tools" aufgefallen sind.Habe auch mein System wieder ein wenig aufgeräumt mit tune up utilities und cc cleaner was normalerweise den Pc immer wieder etwas flotter macht , diesmal nicht.
Habe meinen Pc auch schon mit Malwarebytes , Eset und einigen anderen Scannern getestet jedoch wurde nix gefunden.
Daher wollte ich meinen OLT - Log hier posten und hoffe mir kann jemand damit weiterhelfen und vielleicht eine Infektion erkennen.

Alt 07.10.2012, 09:13   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SweetPacks IM , Yourfile Downloader - Standard

SweetPacks IM , Yourfile Downloader



Trotzdem bitte alle Logs von Malwarebytes und ESET posten
Die Logs enthalten ein paar mehr Infos als nur Fund oder kein Fund.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 07.10.2012, 10:28   #3
holzdan
 
SweetPacks IM , Yourfile Downloader - Standard

SweetPacks IM , Yourfile Downloader



Habe die Logs der Virenscans leider nicht gespeichert.
Werde sie daher nochmal laufen lassen.Hier inzwischen meine otl.txt

otl.txt part 1

Code:
ATTFilter
 OTL logfile created on: 07.10.2012 11:14:15 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\aaa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 67,95% Memory free
7,73 Gb Paging File | 6,46 Gb Available in Paging File | 83,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 463,16 Gb Total Space | 379,91 Gb Free Space | 82,02% Space Free | Partition Type: NTFS
 
Computer Name: AAA-PC | User Name: aaa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.07 01:21:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aaa\Desktop\OTL.exe
PRC - [2012.09.20 05:38:56 | 000,175,496 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
PRC - [2012.08.06 13:44:16 | 000,642,216 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.01.27 09:47:20 | 000,828,944 | ---- | M] (GlavSoft LLC.) -- C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe
PRC - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.07.10 03:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.07.28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.10.06 19:20:37 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012.09.20 05:38:56 | 000,175,496 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2012.08.30 13:23:28 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012.08.28 17:52:44 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.23 10:17:28 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe -- (CLPSLauncher)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012.01.27 09:47:20 | 000,828,944 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe -- (tvnserver)
SRV - [2010.07.08 14:18:29 | 000,333,264 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\3DataManager\WTGService.exe -- (WTGService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.03 16:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2009.11.02 13:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.09.30 15:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.09.25 01:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.09.11 07:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.07.10 03:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) [Disabled | Stopped] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.01 18:31:53 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.09.20 05:11:58 | 000,086,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2012.09.12 20:19:38 | 000,082,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2012.08.30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.03 10:23:28 | 000,035,064 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\CFRMD.sys -- (CFRMD)
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.04.13 20:12:13 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2012.04.13 20:12:13 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2012.04.13 20:12:13 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2012.04.13 20:12:13 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.21 16:44:30 | 002,793,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.10.17 16:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.07.01 05:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.02.27 08:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.12.03 17:07:04 | 001,224,192 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.09.18 06:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.06 14:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.07.23 00:06:26 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.25 04:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 05:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 05:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 05:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360312d206l04c8z135t64n1c413
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={27A42084-C696-11E1-ACC2-0017C4F1B1FE}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360312d206l04c8z135t64n1c413
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&babsrc=SP_ss&mntrId=d65cf95f0000000000000017c4f1b1fe
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT474
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={224E4F9B-E9F3-4617-9BC5-9CE19CA4FA5F}&mid=59da8dcef8ac47d08f78d15e8215580d-2e33c930fa5d3169a9ea342d66355adcb0b86bd8&lang=de&ds=cv011&pr=sa&d=2012-07-05 13:39:36&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.06 17:15:11 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2012.10.06 16:26:02 | 000,444,411 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 15262 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe (GFI Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe (GlavSoft LLC.)
O4 - HKCU..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - Startup: C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Proxomitron.exe - Verknüpfung.lnk = C:\Users\aaa\Desktop\PROXOMITRON\Proxomitron.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04DDC8C3-4207-4A03-847A-5F0D098AC1F3}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{908D8B77-90CF-4CB0-84F4-67EF8DA6CDD4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{908D8B77-90CF-4CB0-84F4-67EF8DA6CDD4}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/html - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/html - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{70624967-858a-11e1-a36c-0017c4f1b1fe}\Shell - "" = AutoRun
O33 - MountPoints2\{70624967-858a-11e1-a36c-0017c4f1b1fe}\Shell\AutoRun\command - "" = E:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.07 11:12:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMODO
[2012.10.07 11:12:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Comodo
[2012.10.07 11:12:07 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.10.07 11:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012.10.07 11:09:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012.10.07 01:21:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\aaa\Desktop\OTL.exe
[2012.10.07 01:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.07 00:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakNow PowerPack 2012
[2012.10.07 00:49:00 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\TweakNow PowerPack 2012
[2012.10.07 00:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TweakNow PowerPack 2012
[2012.10.07 00:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012.10.07 00:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2012.10.07 00:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012.10.07 00:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012.10.07 00:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GFI Software
[2012.10.07 00:04:24 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012.10.07 00:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2012.10.06 23:52:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.10.06 23:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.10.06 23:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.10.06 23:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.10.06 22:53:52 | 000,000,000 | ---D | C] -- C:\AMD
[2012.10.06 22:48:11 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Local\Chromium
[2012.10.06 22:43:36 | 000,000,000 | ---D | C] -- C:\Users\aaa\Documents\My Games
[2012.10.06 21:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2012.10.06 21:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2012.10.06 21:26:49 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zak McKracken - Between Time & Space
[2012.10.06 21:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zak McKracken - Between Time & Space
[2012.10.06 21:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zak2
[2012.10.06 21:22:09 | 000,000,000 | ---D | C] -- C:\Users\aaa\Desktop\zak
[2012.10.06 21:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2012.10.06 21:14:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
[2012.10.06 21:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios
[2012.10.06 20:00:52 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012.10.06 19:28:34 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012.10.06 19:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2012.10.06 16:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.10.06 16:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.10.06 15:28:17 | 000,000,000 | -H-D | C] -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disabled Startup Items
[2012.10.06 15:28:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disabled Startup Items
[2012.10.06 15:28:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2012.10.06 15:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Greatis
[2012.10.06 15:16:09 | 000,039,184 | ---- | C] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2012.10.06 15:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2012.10.06 15:11:49 | 000,000,000 | ---D | C] -- C:\Users\aaa\Documents\RegRun2
[2012.10.06 12:20:58 | 000,000,000 | ---D | C] -- C:\Users\aaa\Desktop\Bücher-links
[2012.10.06 02:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Coranti
[2012.10.06 02:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Coranti
[2012.10.06 02:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GFI Software
[2012.10.06 02:16:35 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\GFI Software
[2012.10.06 01:44:52 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Local\Sophos
[2012.10.06 01:25:13 | 000,000,000 | ---D | C] -- C:\Users\aaa\Local Settings
[2012.10.06 01:16:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012.10.06 01:00:50 | 000,000,000 | ---D | C] -- C:\escw_100_sa
[2012.10.06 00:57:47 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Local\Symantec
[2012.10.06 00:55:23 | 000,287,152 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\SymVPN.dll
[2012.10.06 00:55:23 | 000,058,288 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\snacnp.dll
[2012.10.05 23:52:02 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012.10.05 23:52:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012.10.05 23:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012.10.05 23:51:28 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\TestApp
[2012.10.05 23:27:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.10.05 22:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
[2012.10.05 21:41:00 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2012.10.05 21:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2012.10.05 21:40:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy Arcade
[2012.10.05 21:40:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Monolith Productions
[2012.10.05 21:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra
[2012.10.05 20:30:20 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Netdevil
[2012.10.05 20:06:36 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Local\GameSpy
[2012.10.05 20:06:27 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Local\ApplicationHistory
[2012.10.05 20:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy
[2012.10.05 20:06:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy
[2012.10.05 20:05:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2012.10.05 20:04:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGEIA
[2012.10.05 20:03:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2012.10.05 20:03:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012.10.05 20:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.10.05 20:03:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Netdevil
[2012.10.05 15:34:02 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tennis Elbow 2011
[2012.10.05 15:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tennis Elbow 2011
[2012.10.05 15:34:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tennis Elbow 2011
[2012.10.01 18:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
[2012.10.01 18:34:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LucasArts
[2012.10.01 18:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2012.10.01 18:31:53 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.10.01 18:31:49 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\DAEMON Tools Pro
[2012.10.01 18:31:43 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\OpenCandy
[2012.10.01 18:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2012.10.01 18:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2012.09.20 05:40:04 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysWow64\sbbd.exe
[2012.09.20 05:11:58 | 000,086,816 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbwtis.sys
[2012.09.12 20:19:42 | 000,634,560 | ---- | C] (Xceed Software Inc        (450) 442-2626        support@xceedsoft.com        www.xceedsoft.com) -- C:\Windows\SysWow64\XceedZip.dll
[2012.09.12 20:19:38 | 000,082,872 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbapifs.sys
[2009.11.05 05:33:04 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.07 11:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.07 11:17:10 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 11:17:10 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 11:12:19 | 000,002,051 | ---- | M] () -- C:\Users\Public\Desktop\AntiError.lnk
[2012.10.07 11:12:19 | 000,002,047 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2012.10.07 11:12:19 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2012.10.07 11:09:30 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.07 11:08:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.07 10:40:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.07 01:39:54 | 000,000,000 | ---- | M] () -- C:\Users\aaa\defogger_reenable
[2012.10.07 01:22:06 | 000,050,477 | ---- | M] () -- C:\Users\aaa\Desktop\Defogger.exe
[2012.10.07 01:21:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aaa\Desktop\OTL.exe
[2012.10.07 00:49:08 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\TweakNow PowerPack 2012.lnk
[2012.10.07 00:37:17 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012.10.07 00:04:28 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\VIPRE.lnk
[2012.10.06 23:45:46 | 000,007,669 | ---- | M] () -- C:\Users\aaa\AppData\Local\Resmon.ResmonCfg
[2012.10.06 23:22:32 | 000,001,110 | ---- | M] () -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Proxomitron.exe - Verknüpfung.lnk
[2012.10.06 23:17:42 | 000,000,372 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.10.06 22:36:54 | 003,629,231 | ---- | M] () -- C:\Program Files (x86)\YourFileDownloader.rar
[2012.10.06 21:26:50 | 000,000,959 | ---- | M] () -- C:\Users\aaa\Desktop\Zak McKracken - BTAS.lnk
[2012.10.06 21:14:57 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012.10.06 21:14:57 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012.10.06 19:28:34 | 000,000,219 | ---- | M] () -- C:\Users\aaa\Desktop\Counter-Strike Source.url
[2012.10.06 19:08:02 | 000,001,837 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.10.06 16:46:41 | 000,005,104 | ---- | M] () -- C:\Windows\wininit.ini
[2012.10.06 16:26:02 | 000,444,411 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.10.06 15:28:21 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2012.10.06 15:28:21 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2012.10.06 15:28:21 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2012.10.06 15:16:09 | 000,039,184 | ---- | M] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2012.10.06 00:55:23 | 000,287,152 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\SymVPN.dll
[2012.10.06 00:55:23 | 000,058,288 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\snacnp.dll
[2012.10.05 23:52:24 | 001,997,385 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012.10.05 20:41:19 | 000,362,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.05 20:06:27 | 000,000,091 | ---- | M] () -- C:\Users\aaa\AppData\Local\fusioncache.dat
[2012.10.05 20:05:29 | 001,554,122 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.05 20:05:29 | 000,664,634 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.05 20:05:29 | 000,624,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.05 20:05:29 | 000,134,770 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.05 20:05:29 | 000,110,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.02 03:00:36 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.10.01 18:33:54 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.01 18:31:53 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.09.26 16:55:44 | 000,000,162 | ---- | M] () -- C:\Users\aaa\SecurityKISSTunnel.config
[2012.09.20 05:40:04 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysWow64\sbbd.exe
[2012.09.20 05:40:04 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012.09.20 05:11:58 | 000,086,816 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\sbwtis.sys
[2012.09.12 20:19:42 | 000,634,560 | ---- | M] (Xceed Software Inc        (450) 442-2626        support@xceedsoft.com        www.xceedsoft.com) -- C:\Windows\SysWow64\XceedZip.dll
[2012.09.12 20:19:38 | 000,082,872 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\sbapifs.sys
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.07 11:12:19 | 000,002,051 | ---- | C] () -- C:\Users\Public\Desktop\AntiError.lnk
[2012.10.07 11:12:19 | 000,002,047 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2012.10.07 11:12:19 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2012.10.07 01:39:54 | 000,000,000 | ---- | C] () -- C:\Users\aaa\defogger_reenable
[2012.10.07 01:22:06 | 000,050,477 | ---- | C] () -- C:\Users\aaa\Desktop\Defogger.exe
[2012.10.07 00:49:08 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\TweakNow PowerPack 2012.lnk
[2012.10.07 00:37:17 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012.10.07 00:04:28 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\VIPRE.lnk
[2012.10.06 23:45:46 | 000,007,669 | ---- | C] () -- C:\Users\aaa\AppData\Local\Resmon.ResmonCfg
[2012.10.06 23:22:32 | 000,001,110 | ---- | C] () -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Proxomitron.exe - Verknüpfung.lnk
[2012.10.06 22:36:53 | 003,629,231 | ---- | C] () -- C:\Program Files (x86)\YourFileDownloader.rar
[2012.10.06 21:28:52 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.10.06 21:28:52 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2012.10.06 21:28:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.10.06 21:26:50 | 000,000,959 | ---- | C] () -- C:\Users\aaa\Desktop\Zak McKracken - BTAS.lnk
[2012.10.06 21:14:57 | 000,002,041 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012.10.06 21:14:57 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012.10.06 19:28:34 | 000,000,219 | ---- | C] () -- C:\Users\aaa\Desktop\Counter-Strike Source.url
[2012.10.06 19:08:02 | 000,001,849 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.10.06 19:08:02 | 000,001,837 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.10.06 16:46:33 | 000,005,104 | ---- | C] () -- C:\Windows\wininit.ini
[2012.10.06 15:28:02 | 000,057,556 | ---- | C] () -- C:\Windows\guard.bmp
[2012.10.06 15:11:51 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2012.10.06 15:11:51 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2012.10.06 15:11:51 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2012.10.05 23:52:08 | 001,997,385 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012.10.05 20:06:27 | 000,000,091 | ---- | C] () -- C:\Users\aaa\AppData\Local\fusioncache.dat
[2012.10.05 15:34:10 | 000,921,600 | ---- | C] () -- C:\Windows\SysNative\vorbisenc.dll
[2012.10.05 15:34:10 | 000,237,568 | ---- | C] () -- C:\Windows\SysNative\OggDS.dll
[2012.10.05 15:34:10 | 000,188,416 | ---- | C] () -- C:\Windows\SysNative\vorbis.dll
[2012.10.05 15:34:10 | 000,045,056 | ---- | C] () -- C:\Windows\SysNative\ogg.dll
[2012.05.28 12:29:23 | 000,000,162 | ---- | C] () -- C:\Users\aaa\SecurityKISSTunnel.config
[2012.03.11 17:44:19 | 001,554,122 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.11 05:13:30 | 000,001,744 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2012.03.11 02:40:53 | 000,026,569 | ---- | C] () -- C:\ProgramData\1331426446.4376.bin
[2012.03.11 02:40:48 | 000,008,383 | ---- | C] () -- C:\ProgramData\1331426446.3708.bin
[2012.03.11 02:40:47 | 000,006,945 | ---- | C] () -- C:\ProgramData\1331426446.3724.bin
[2012.03.11 02:40:46 | 000,054,366 | ---- | C] () -- C:\ProgramData\1331426446.2708.bin
[2012.03.11 01:48:28 | 000,000,372 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.03.11 01:15:44 | 000,302,835 | ---- | C] () -- C:\ProgramData\1331420176.bdinstall.bin
[2012.03.10 21:05:49 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2012.03.10 21:05:49 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012.03.10 21:05:49 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2012.03.10 21:05:49 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2012.03.10 20:46:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.07 20:35:48 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlibwapi.dll
[2012.02.07 20:35:48 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.04.13 20:47:28 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\3DataManager
[2012.03.11 01:03:45 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Bitdefender
[2012.03.14 23:51:04 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\BitTorrent
[2012.03.24 20:40:48 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Cerberus LLC
[2012.10.06 19:09:42 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\DAEMON Tools Pro
[2012.03.26 19:10:35 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\foobar2000
[2012.05.01 20:29:42 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\GameHouse
[2012.10.06 02:16:35 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\GFI Software
[2012.03.24 20:07:29 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\GrabPro
[2012.07.05 13:17:39 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\ImgBurn
[2012.03.11 16:53:28 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\KC Softwares
[2012.10.01 18:31:46 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\OpenCandy
[2012.05.11 11:03:43 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\OpenOffice.org
[2012.10.06 19:08:11 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Opera
[2012.10.05 23:28:13 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Orbit
[2012.03.24 20:08:18 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\ProgSense
[2012.03.11 01:00:45 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\QuickScan
[2012.03.14 22:34:31 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Securepoint Operation Center
[2012.10.05 23:51:28 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\TestApp
[2012.10.05 23:28:33 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\TuneUp Software
[2012.10.07 00:49:03 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\TweakNow PowerPack 2012
[2012.10.06 19:09:42 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\uTorrent
[2012.05.02 17:42:17 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\YourFileDownloader
         
otl.txt part 2

Code:
ATTFilter
 ========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 52 bytes -> C:\Windows\write.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WPatchProgress.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WMSysPr9.prx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WLXPGSS.SCR:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WisPriority.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WisMvImg.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WisLangCode.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WisGAPasx64.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WisGAPas.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winhlp32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WindowsUpdate.log:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WindowsShell.Manifest:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WIN7BASE_XX.TAG:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\win.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\USER.XML:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\USB_VIDEO_REG.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\UNINST32.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\twunk_32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\twunk_16.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\twain_32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\twain.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\tasks\SCHEDLGU.TXT:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\zlibwapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\zlib.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\zipfldr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xwtpw32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xwtpdui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xwreg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xwizards.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xwizard.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xwizard.dtd:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xpssvcs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XPSSHHDR.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xpsservices.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xpsrchvw.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xpsrchvw.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XpsRasterService.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XpsPrint.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XpsGdiConverter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XpsFilt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xolehlp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xmlprovi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xmllite.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xmlfilter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XInput9_1_0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xcopy.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XceedSco.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XceedCry.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wzcdlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wwapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WWanAPI.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wuwebv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wusa.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wups.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wudriver.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wuapp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wuapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wtsapi32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WSTPager.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsock32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsnmp32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WsmWmiPl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WsmTxt.xsl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WsmSvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WsmRes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WsmPty.xsl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsmprovhost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsmplpxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WsmAuto.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WSManMigrationPlugin.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WSManHTTPConfig.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsmanconfig_schema.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WSHTCPIP.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshrm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshqos.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshom.ocx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshirda.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wship6.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshelper.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshcon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshbth.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsecedit.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsdchngr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WSDApi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscui.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscript.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscproxystub.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscmisetup.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscisvif.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscinterop.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ws2help.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ws2_32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\write.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wpdwcn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WPDSp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WPDShServiceObj.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WPDShextAutoplay.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wpdshext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wpcsvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wpcao.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Wpc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wowreg32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wow32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMVXENCD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMVSENCD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMVSDECD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMVENCOD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmvdspa.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMVDECOD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMVCORE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMSPDMOE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMSPDMOD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmsgapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMPhoto.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMNetMgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmiprop.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmidx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmdrmsdk.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmdrmnet.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmdrmdev.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmdmps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmdmlog.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmcodecdspps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMASF.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMADMOE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMADMOD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WlS0WndH.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlgpclnt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Wldap32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlanutil.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlanui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlansec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlanpref.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlanmsm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WlanMM.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlaninst.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlanhlp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlangpui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlanext.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlandlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WLanConn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlancfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlanapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wksprtPS.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wkscli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WISPTIS.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winver.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winusb.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wintrust.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WinSyncProviders.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WinSyncMetastore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WinSync.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winsta.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WINSRPC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winspool.drv:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winsockhc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winshfhc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WinSCard.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WinSATAPI.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winrssrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winrsmgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winrshost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winrscmd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winrs.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winrnr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winrm.vbs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winrm.cmd:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winnsi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winmm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winipsec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wininit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wininet.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winhttp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WinFax.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WindowsCodecsExt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WindowsCodecs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wincredprovider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winbrand.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winbio.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\win32spl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wimserv.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wimgapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wiavideo.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wiatrace.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wiashext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wiascanprofiles.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WiaExtensionHost64.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wiadss.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wiadefui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wiaaut.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wiaacmgr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\whoami.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\whhelper.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\where.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\whealogr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WfHC.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wfapigp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WF.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wextract.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wevtutil.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wevtfwd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wevtapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\werui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wermgr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WerFaultSecure.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WerFault.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\werdiagcontroller.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wer.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wecutil.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wecapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\webservices.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\webio.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WebClnt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\webcheck.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WEB.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wdscore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wdmaud.drv:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wdigest.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wdi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wdc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WcsPlugInService.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wcnwiz.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WcnEapPeerProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WcnEapAuthProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wcncsvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WcnApi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wbemcomn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wavemsp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\waitfor.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WABSyncProvider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\w32topl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\w32tm.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vsstrace.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vssapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vssadmin.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vss_ps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vpnikeapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\virtdisk.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\VIDRESZR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vidcap.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vfwwdm32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vfpodbc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\version.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\verifier.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\verifier.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\verclsid.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\VEN2232.OLB:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vdsvd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vdsdyn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vdsbas.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vds_ps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vdmdbg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vcomp100.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vbscript.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vbisurf.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\VBICodec.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\VBAME.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vbajet32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\VBAEND32.OLB:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\VBAEN32.OLB:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\VBADE32.OLB:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vaultcli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Vault.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\VAN.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\uxtheme.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\uxlibres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\uxlib.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\UXInit.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\uudf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Utilman.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\utildll.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\usp10.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\usk.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\userinit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\userenv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\usercpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\UserAccountControlSettings.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\UserAccountControlSettings.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\user32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\user.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\usbui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\usbperf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\usbceip.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\urlmon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\url.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ureg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\upnphost.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\upnpcont.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\upnp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\untfs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\unlodctr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\uniplat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\unimdmat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\unimdm.tsp:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\umdmxfrm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ulib.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\UIRibbonRes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\UIRibbon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\uicom.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\UIAutomationCore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\UIAnimation.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ufat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\uexfat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\udhisapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ucmhc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ubpm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tzutil.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tzres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\typeperf.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\typelib.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\txfw32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\txflog.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\twext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tvratings.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TsWpfWrp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TSWorkspace.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TSTheme.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tspkg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tsmf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tsgqec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TSChannel.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tsbyuv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tree.com:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TRAPI.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\traffic.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TRACERT.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tracerpt.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tquery.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TpmInit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tpmcompc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tpm.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tlscsp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tintlgnt.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\timeout.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TimeDateMUICallback.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\timedate.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ticrf.rat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\thumbcache.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\themeui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\themecpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\thawbrkr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\termmgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\telephon.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tdh.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tdc.ocx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TCPSVCS.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tcpmonui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tcpipcfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tcpbidi.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tcmsetup.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tbs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TaskSchdPS.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\taskschd.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\taskschd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\taskmgr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tasklist.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\taskkill.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\taskeng.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\taskcomp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TapiUnattend.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tapiui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TapiSysprep.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tapisrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tapiperf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TapiMigPlugin.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tapi32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tapi3.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\takeown.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\t2embed.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\systray.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SystemPropertiesRemote.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SystemPropertiesProtection.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SystemPropertiesPerformance.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SystemPropertiesHardware.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SystemPropertiesDataExecutionPrevention.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SystemPropertiesComputerName.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SystemPropertiesAdvanced.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\systeminfo.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\systemcpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\syssetup.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sysprtj.sep:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sysprint.sep:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sysmon.ocx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\syskey.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sysdm.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SynTPCOM.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\syncui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SynCtrl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Syncreg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SynCOM.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SyncInfrastructureps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SyncInfrastructure.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SyncHostps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SyncHost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\synceng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SyncCenter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sxstrace.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sxsstore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sxshared.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sxs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sxproxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\svchost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sud.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\subst.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SubRange.uce:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\StructuredQuery.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Storprop.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\StorageContextHandler.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\storage.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\stobject.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sti.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\stdole32.tlb:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\stdole2.tlb:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\stclient.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ssText3d.scr:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SSShim.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sspicli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ssdpapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sscore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\srvcli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\srhelper.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\srdelayed.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\srclient.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\srchadmin.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqmapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqlwoa.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqlwid.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqlunirl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqlsrv32.rll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqlsrv32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqlcese30.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqlceqp30.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqlceoledb30.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spwizres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spwizimg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spwizeng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spwinsat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sppwmi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sppinst.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sppcommdlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sppcomapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sppcext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sppcc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sppc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spopk.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spnet.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SPInf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spfileq.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spbcd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SortWindows6Compat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SortServer2003Compat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sort.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\softpub.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\softkbd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\snmpapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SndVolSSO.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SndVol.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SMBHelperClass.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SmartcardCredentialProvider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\slwga.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\slmgr.vbs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\slcext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\slc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sisbkup.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\simpdata.tlb:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\signdrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shwebsvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shutdown.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shunimpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shsvcs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shsetup.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shrpubw.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shpafact.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shlwapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shimgvw.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shimeng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ShiftJIS.uce:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shgina.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shfolder.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shellstyle.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shell32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shdocvw.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shacct.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SFCOM.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sfc_os.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sfc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sfc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\setx.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\setupugc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\setupSNK.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\setupcln.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\setupapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\setup16.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SetIEInstalledDate.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sethc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SessEnv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\serwvdrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\services.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\serialui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SensorsCpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SensorsApi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SensApi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Sens.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sendmail.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\security.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\secur32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\secproc_ssp_isv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\secproc_ssp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\secproc_isv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\secproc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\secinit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sechost.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SecEdit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SearchProtocolHost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SearchIndexer.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SearchFolder.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SearchFilterHost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sdohlp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sdiagprv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sdiagnhost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sdiageng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sdchange.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sdbinst.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\scrrun.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\scrobj.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\scrnsave.scr:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\scripto.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SCP32.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\scksp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\schtasks.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\schedcli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\schannel.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\scesrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\scecli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SCardDlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\scansetting.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sberes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sbeio.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sbe.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sas.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SampleRes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\samlib.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\samcli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\runonce.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RunLegacyCPLElevated.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rundll32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\runas.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rtutils.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rtm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rtffilt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RstrtMgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rshx32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rsaenh.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rrinstaller.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RpcRtRemote.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rpcrt4.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RpcPing.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rpcnsh.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RpcNs4.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RPCNDFP.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rpchttp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RpcDiag.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ROUTE.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Robocopy.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rnr20.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rmoc3260.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RmClient.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RMActivate_ssp_isv.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RMActivate_ssp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RMActivate_isv.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RMActivate.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\riched32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\riched20.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Ribbons.scr:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rgb9rast.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\resutils.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RestartManagerUninstall.mof:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RestartManager.mof:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\resmon.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RESAMPLEDMO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\replace.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rendezvousSession.tlb:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\remotesp.tsp:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\remotepg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\relog.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rekeywiz.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\regsvr32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\regini.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\regedt32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\regedit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RegCtrl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\regapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\reg.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\recover.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ReAgentc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ReAgent.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rdrleakdiag.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rdprefdrvapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rdpencom.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rdpd3d.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rdpcore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rastls.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rastapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasser.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasppp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasplap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasphone.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasmxs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasmontr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RASMM.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasman.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasgcw.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\raserver.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasdlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasdial.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasdiag.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasctrs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasctrnm.h:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\raschap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rascfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasautou.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasapi32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasadhlp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\radarrs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\radardt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RacRules.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\racpldlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RacEngn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qwave.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\QUTIL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\quick.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Query.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\quartz.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\QSVRMGMT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\QSHVHOST.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qmgrprxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qintlgnt.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qedwipes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qedit.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qdvd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qdv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\QCLIPROV.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qcap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qasf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\QAGENT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pwrshplugin.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\puiobj.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\puiapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pstorsvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pstorec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\psr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\psisrndr.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\psisdecd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PSHED.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pscript.sep:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\psbase.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\psapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\provthrd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\provsvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\proquota.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\propsys.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\profapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\prntvpt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\prnntfy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\prnfldr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\prncache.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\printui.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\printui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\print.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\prflbmsg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\prevhost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PresentationNative_v0300.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PresentationHostProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PresentationHost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\powrprof.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\powercpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\powercfg.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\powercfg.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pots.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PortableDeviceWMDRM.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PortableDeviceWiaCompat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PortableDeviceTypes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PortableDeviceSyncProvider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PortableDeviceStatus.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PortableDeviceConnectApi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PortableDeviceClassExtension.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PortableDeviceApi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\poqexec.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\polstore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pnrpnsp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pnpsetup.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pnidui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pngfilt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pndx5032.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pndx5016.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pncrt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PlaySndSrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pla.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pku2u.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PkgMgr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pintlgnt.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PING.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pifmgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pidgenx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pid.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PhysXLoader.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PhysX.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\photowiz.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PhotoScreensaver.scr:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PhotoMetadataHandler.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\phon.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfts.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PerfStringBackup.INI:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfproc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfos.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfnet.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfmon.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfmon.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfhost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfdisk.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfctrs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PerfCenterCpl.ico:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PerfCenterCPL.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pegi-pt.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pegi-fi.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pegibbfc.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pegi.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pdhui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pdh.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pcwum.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pcl.sep:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pcaui.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pcaui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pautoenr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PATHPING.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\panmap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\packager.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\p2pnetsh.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\P2PGraph.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\p2pcollab.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\P2P.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\osuninst.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\osk.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\osbaseln.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\OptionalFeatures.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\opengl32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\openfiles.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\OpenCL.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\OpcServices.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\OobeFldr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\OnLineIDCpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\onexui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\onex.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\olethk32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\olesvr32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oleres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\olepro32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oleprn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oledlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\olecli32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oleaut32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oleaccrc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oleacchooks.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oleacc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ole32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ole2nls.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ole2disp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ole2.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ogldrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oflc.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\offfilt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odtext32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odpdx32.dll:coranti
         
__________________

Geändert von holzdan (07.10.2012 um 10:55 Uhr)

Alt 07.10.2012, 10:52   #4
holzdan
 
SweetPacks IM , Yourfile Downloader - Standard

SweetPacks IM , Yourfile Downloader



otl.txt part 3

Code:
ATTFilter
 @Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odfox32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odexl32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oddbse32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbctrac.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbcjt32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbcji32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbcint.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbccu32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbccr32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbccp32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbcconf.rsp:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbcconf.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbcconf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbcbcp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbcad32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbc32gt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbc32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ocsetup.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ocsetapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\occache.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\objsel.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntvdm64.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntshrui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntprint.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntprint.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntoskrnl.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntmarta.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntlanui2.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntlanman.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntkrnlpa.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntdsapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntdll.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nslookup.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nsi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nshwfp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nshipsec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nshhttp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\npmproxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\notepad.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\normaliz.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NOISE.THA:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\noise.kor:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\noise.jpn:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NOISE.DAT:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NOISE.CHT:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NOISE.CHS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsModels0011.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0c1a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons081a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0816.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0416.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0414.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons004e.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons004c.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons004b.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons004a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0049.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0047.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0046.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0045.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons003e.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0039.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons002a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0027.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0026.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0024.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0022.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0021.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0020.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons001d.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons001b.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons001a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0019.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0018.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0013.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0011.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0010.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons000f.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons000d.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons000c.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons000a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0009.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0007.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0003.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0002.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0001.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Nlsdl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0c1a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData081a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0816.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0416.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0414.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData004e.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData004c.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData004b.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData004a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0049.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0047.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0046.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0045.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData003e.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0039.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData002a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0027.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0026.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0024.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0022.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0021.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0020.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData001d.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData001b.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData001a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0019.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0018.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0013.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0011.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0010.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData000f.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData000d.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData000c.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData000a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0009.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0007.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0003.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0002.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0001.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0000.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nlsbres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nlmsprep.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nlmgp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nlhtml.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nlaapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\newdev.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\newdev.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\networkmap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\networkitemfactory.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\networkexplorer.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netutils.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NETSTAT.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netshell.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netsh.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netprofm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netprof.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Netplwiz.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netplwiz.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netmsg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netlogon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netjoin.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netiougc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netiohlp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netid.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\neth.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netfxperf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netevent.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netdiagfx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netcorehc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netcfgx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netcenter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netbtugc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netbios.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netapi32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\net1.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\net.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\negoexts.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ndptsp.tsp:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ndproxystub.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ndishc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ndiscapCfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ndfhcdiscovery.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NdfEventView.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ndfetw.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ndfapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nddeapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ndadmin.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ncsi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ncryptui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ncrypt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ncpa.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ncobjapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nci.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NcdProp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NaturalLanguage6.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NativeHooks.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NAPSTAT.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NAPMONTR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\napipsec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NapiNSP.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NAPHLPR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\napdsnap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NAPCRYPT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NAPCLCFG.MSC:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Mystify.scr:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mydocs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mycomput.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MuiUnattend.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\muifontsetup.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mtxoci.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mtxlegih.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mtxex.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mtxdm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mtxclu.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mtstocom.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msyuv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msxml6r.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msxml6.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msxml4r.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msxml4a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msxml3r.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msxml3.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msxbde40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mswstr10.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mswsock.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mswmdm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mswdat10.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MSVidCtl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvidc32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvfw32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcrt40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcrt20.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcrt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcr70.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcr100_clr0400.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcr100.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcp60.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcp100.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcirt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvbvm60.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msv1_0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msutb.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mstscax.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mstsc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mstext40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mstask.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msswch.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssvp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MSSTDFMT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssrch.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssprxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssphtb.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssph.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssitlb.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssip32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssign32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msshooks.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msshavmsg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssha.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msscript.ocx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msscp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msscntrs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msrle32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msrepl40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MsRdpWebAccess.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msrdc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msrd3x40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msrd2x40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msrating.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MsraLegacy.tlb:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msra.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msports.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mspbde40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mspatcha.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mspaint.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msorcl32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msorc32r.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msoert2.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msoeacct.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msobjs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MSNP.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msnetobj.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msmpeg2vdec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MSMPEG2ENC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msmpeg2adec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msltus40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msls31.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msjtes40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msjter40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msjint40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msjetoledb40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msjet40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msisip.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msinfo32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msimtf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msimsg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msimg32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msiltcfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msihnd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msiexec.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msieftp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msidntld.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msidle.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msident.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msidcrl30.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mshtmler.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mshtmled.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mshtml.tlb:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mshtml.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mshta.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msgsm32.acm:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msg711.acm:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msftedit.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msfeedssync.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msfeedsbs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msfeeds.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msexcl40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msexch40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MSDvbNP.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdtcVSp1res.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdtcuiu.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdtcprx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdt.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdrm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdmo.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdelta.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdatsrc.tlb:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdart.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdadiag.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msctfui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msctfp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MsCtfMonitor.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msctfime.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msctf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mscpxl32.dLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mscpx32r.dLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mscories.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mscorier.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mscoree.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MSCOMCTL.OCX:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mscms.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msclmd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mscat32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mscandui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msaudite.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msasn1.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msafd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msadp32.acm:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msacm32.drv:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msacm32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MSAC3ENC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msaatext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MRINFO.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mprmsg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mprdim.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mprddm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mprapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mpr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MPG4DECD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mpg2splt.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Mpeg2Data.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MP4SDECD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MP43DECD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MP3DMOD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mountvol.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\moricons.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\more.com:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\modemui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mode.com:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mobsync.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mmsys.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mmres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MMDevAPI.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mmcshext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mmcndmgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mmcico.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mmci.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mmcbase.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mmc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mlang.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mlang.dat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mimefilt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\miguiresource.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\migisol.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MigAutoPlay.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\midimap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mgmtapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MFWMAAEC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfvdsp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfreadwrite.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfpmp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MFPlay.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfplat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfmjpegdec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfh264enc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mferror.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfdvdec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfds.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfcsubs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfcm100u.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfcm100.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc42u.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc42.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc40u.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100u.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100rus.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100kor.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100jpn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100ita.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100fra.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100esn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100enu.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100deu.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100cht.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100chs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfAACEnc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mf3216.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mdminst.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mctres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mciwave.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mciseq.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mciqtz32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mcicda.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mciavi32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MCEWMDRMNDBootstrap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mcbuilder.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mapisvc.inf:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mapistub.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mapi32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\makecab.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\main.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Magnify.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Magnification.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\lz32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\lusrmgr.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\luainstall.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\lsmproxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\lpk.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\logoncli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\logman.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\loghours.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\logagent.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\lodctr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\locationnotificationsview.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\LocationNotifications.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\LocationApi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\localsec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\locale.nls:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\loadperf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\linkinfo.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\licmgr10.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\license.rtf:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\lcptr.tbl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\lcphrase.tbl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\LAPRXY.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\label.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\l3codecp.acm:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\l3codeca.acm:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\L2SecHC.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\l2nacp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\l2gpstore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\l_intl.nls:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ktmw32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ktmutil.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ksxbar.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Kswdmcap.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ksuser.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kstvtune.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ksproxy.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\korwbrkr.lex:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\korwbrkr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\korean.uce:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kmddsp.tsp:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\keymgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\keyiso.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KernelBase.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kernel32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kerberos.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kdbsdk32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDYCL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDYCC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDYBA.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDYAK.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDWOL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDVNTC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUZB.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUSX.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUSR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUSL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUSA.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUS.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDURDU.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUR1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUKX.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUK.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUGHR1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUGHR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTURME.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTUQ.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTUF.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTIPRC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTH3.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTH2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTH1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTH0.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTAT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTAJIK.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSYR2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSYR1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSW09.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSW.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSP.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSORST.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSORS1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSOREX.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSN1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSMSNO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSMSFI.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSL1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSG.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSF.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDRU1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDRU.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDROST.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDROPR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDRO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDPO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDPL1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDPL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDPASH.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDNSO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDNO1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDNO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDNEPR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdnecnt.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdnecat.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdnec95.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdnec.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDNE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDMONMO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDMON.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDMLT48.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDMLT47.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDMAORI.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDMACST.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDMAC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDLV1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDLV.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDLT2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDLT1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDLT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdlk41a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDLAO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDLA.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDKYR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDKOR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDKHMR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDKAZ.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDJPN.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDIULAT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDIT142.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDIT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDIR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINUK2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINTEL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINTAM.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINPUN.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINORI.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINMAR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINMAL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINKAN.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINHIN.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINGUJ.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINDEV.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINBEN.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINBE2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINBE1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINASA.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDIC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDIBO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdibm02.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHU1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHU.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHEPT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHELA3.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHELA2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHEB.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHE319.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHE220.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHAU.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDGRLND.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDGR1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDGR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDGKL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdgeoqw.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdgeoer.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDGEO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDGAE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDFR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDFO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDFI1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDFI.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDFC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDFA.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDEST.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDES.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDDV.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDDIV2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDDIV1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDDA.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDCZ2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDCZ1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDCZ.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDCR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDCAN.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDCA.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBULG.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBU.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBLR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBHC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBGPH1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBGPH.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBENE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBASH.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDAZEL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDAZE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdax2.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDARMW.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDARME.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDAL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDA3.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDA2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDA1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbd106n.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbd106.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbd103.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbd101c.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbd101b.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbd101a.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbd101.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kanji_2.uce:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kanji_1.uce:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\jsproxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\jscript9.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\jscript.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\joy.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iyuv_32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ivfsrc.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\itss.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\itircl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\isoburn.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iscsiwmi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iscsium.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iscsied.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iscsidsc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iscsicpl.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iscsicpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iscsicli.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\irprops.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\irclass.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ir50_qcx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ir50_qc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ir50_32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ir41_qcx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ir41_qc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ir41_32.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ir32_32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ipsmsnap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ipsecsnp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iprtrmgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iprtprio.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iprop.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\IPHLPAPI.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ipconfig.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\IPBusEnumProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iologmsg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\intl.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\instnm.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\inseng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\input.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\InkEd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\infocardcpl.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\infocardapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\InfDefaultInstall.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\INETRES.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\inetmib1.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\inetcpl.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\inetcomm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imm32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imkr80.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\IMJP10K.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\IMJP10.IME:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imgutil.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imapi2fs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imapi2.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imagesp1.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imageres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imagehlp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imaadp32.acm:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\igkrng500.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\igfcg500m.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\igfcg500.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\igdumd32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\igd10umd32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\igcompkrng500.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ifsutilx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ifsutil.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ifmon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iexpress.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieUnatt.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieuinit.inf:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iesysprep.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iesetup.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iertutil.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iernonce.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iepeers.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieframe.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iedkcs32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieapfltr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieapfltr.dat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieakui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieaksie.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieakeng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\IEAdvpack.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ie4uinit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\IDStore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\idndl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ideograf.uce:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icsunattend.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icsigd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icrav03.rat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\IconCodecService.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icmui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icmp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icm32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iccvid.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icardres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icardie.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icardagt.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icacls.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iassvcs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iassdo.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iassam.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iasrecst.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iasrad.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iaspolcy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iasnap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\IasMigPlugin.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iashlpr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iasdatastore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iasads.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iasacct.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ias.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iac25_32.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\htui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\httpapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\html.iec:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\HOSTNAME.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hnetmon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hnetcfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hlp95en.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hlink.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hidserv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hidphone.tsp:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hid.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hhsetup.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hhctrl.ocx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hh.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hgcpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\HelpPaneProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\help.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hdwwiz.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hdwwiz.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hcproviders.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hbaapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\grpconv.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\grb.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gpupdate.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gptext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gpresult.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gpprnext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gpedit.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gpapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\glu32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\glmf32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\getuname.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\getmac.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gdi32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gcdef.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gb2312.uce:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\GameUXLegacyGDFs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gameux.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\g711codc.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FXSXP32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FXSRESM.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FXSEXT32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FXSCOMEX.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FXSCOM.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FXSAPI.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FwRemoteSvr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FWPUCLNT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fwcfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fundisc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ftp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fthsvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fsutil.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fsmgmt.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\framedynos.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\framedyn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fphc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\format.com:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\forfiles.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fontview.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fontsub.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fontext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fms.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fmifs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FM20ENU.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FM20DEU.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FM20.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fltMC.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fltLib.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FlashPlayerCPLApp.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FlashPlayerApp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fixmapi.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FirewallControlPanel.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FirewallAPI.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Firewall.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\finger.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\findstr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\findnetprinters.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\find.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\filemgmt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\feclient.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdWSD.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdWNet.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdWCN.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdSSDP.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdPnp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdeploy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fde.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdBthProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdBth.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Faultrep.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\f3ahvoas.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\extrac32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\expsrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ExplorerFrame.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\explorer.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\expand.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\evr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eventvwr.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eventvwr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\EventViewer_EventDetails.xsl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eventcreate.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eventcls.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eudcedit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\esrb.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\esentutl.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\esentprf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\esent.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\es.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eqossnap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\EncDec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\encapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\elsTrans.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\elslad.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ELSCore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\els.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\EhStorShell.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\EhStorPwdMgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\EhStorAuthn.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\EhStorAPI.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\efsutil.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\efsui.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\efscore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\efsadu.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\EAPQEC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eappprxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eapphost.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eappgnui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eappcfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eapp3hst.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dxva2.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dxtrans.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dxtmsft.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DxpTaskSync.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DXPTaskRingtone.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dxgi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dxdiagn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dxdiag.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DWWIN.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DWrite.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dwmcore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dwmapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dvdupgrd.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dvdplay.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\duser.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dui70.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dtsh.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dswave.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dsuiext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dssenh.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dssec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dssec.dat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dsrole.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dsquery.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dsprop.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dsound.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dskquoui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dskquota.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DShowRdpFilter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dsdmo.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dsauth.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ds32gt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drvstore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drvinst.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drttransport.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drtprov.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drprov.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drmv2clt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drmmgrtn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drivers\wimmount.sys:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drivers\gmreadme.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drivers\gm.dls:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drivers\DKbFltr.sys:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\driverquery.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpwsockx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpnsvr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpnlobby.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpnhupnp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpnhpast.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpnet.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpnathlp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpnaddr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpmodemx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dplayx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dplaysvr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DpiScaling.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpapiprovider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpapimig.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dot3ui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dot3msm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dot3hc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dot3gpui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dot3gpclnt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dot3dlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dot3cfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dot3api.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\doskey.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\docprop.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dnscmmc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dnscacheugc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dnsapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmview.ocx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmvdsitf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmutil.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmusic.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmsynth.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmstyle.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmscript.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmrc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmocx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmloader.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmintf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmime.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmdskres2.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmdskres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmdskmgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmdlgs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmcompos.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmband.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dllhst3g.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dllhost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DisplaySwitch.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Display.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dispex.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Dism.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\diskraid.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\diskperf.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\diskpart.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\diskmgmt.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\diskcopy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\diskcopy.com:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\diskcomp.com:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dinput8.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dinput.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dimsroam.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dimsjob.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\difxapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\diantz.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dialer.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dhcpsapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DHCPQEC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dhcpcsvc6.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dhcpcsvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dhcpcore6.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dhcpcore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dhcpcmonitor.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DfsShlEx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dfshim.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dfscli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dfrgui.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\devrtl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\devobj.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\devmgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\devmgmt.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DeviceUxRes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DeviceProperties.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DevicePairingWizard.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DevicePairingProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DevicePairingHandler.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DevicePairingFolder.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DevicePairing.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DeviceMetadataParsers.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DeviceDisplayStatusManager.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DeviceCenter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\devenum.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\deskperf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\deskmon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\deskadp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\desk.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\defaultlocationcpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ddrawex.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ddraw.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DDORes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DDOIProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ddodiag.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DDACLSys.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dcomcnfg.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dciman32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dccw.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dbnmpntw.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dbnetlib.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dbghelp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dbgeng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\davhlpr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\davclnt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dataclen.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3dxof.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3dx9_32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3dx9_27.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3dramp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3dim700.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3dim.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d9.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d8thk.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d8.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d11.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d10warp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d10level9.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d10core.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d10_1core.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d10_1.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d10.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d2d1.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cttunesvr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cttune.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ctl3d32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ctfmon.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\CSVer.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\csrr.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cscript.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cscdll.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cscapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptxml.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptsvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptsp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptnet.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptdll.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptdlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptbase.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\crypt32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\crtdll.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\credwiz.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\credui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\credssp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\CPFilters.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\convert.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\control.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\console.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\connect.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comuid.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comsvcs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comsnap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comrepl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ComputerDefaults.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\compstui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\compobj.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\compmgmt.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\compact.exe:coranti
         

Alt 07.10.2012, 10:53   #5
holzdan
 
SweetPacks IM , Yourfile Downloader - Standard

SweetPacks IM , Yourfile Downloader



otl.txt part 4

Code:
ATTFilter
 @Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comexp.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comdlg32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comctl32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comcat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\colorui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\colorcpl.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\COLORCNV.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\colbact.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cnvfat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cngprovider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cngaudit.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmutil.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmstplua.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmstp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmpbk32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmmon32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmlua.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmipnpinstall.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmifw.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmicryptinstall.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmdl32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmdkey.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmdial32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmd.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmcfg32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\clusapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\clip.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cliconfg.rll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cliconfg.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cliconfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\clfsw32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cleanmgr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\clbcatq.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\clb.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cipher.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cintlgnt.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cic.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\CHxReadingStringIME.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\chtbrkr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\chsbrkr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\choice.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\chkntfs.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\chkdsk.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\chcp.com:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\charmap.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\chajei.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cfgmgr32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cfgbkend.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cewmdm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\certutil.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\certreq.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\CertPolEng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\certmgr.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\certmgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\CertEnrollUI.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\CertEnrollCtrl.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\CertEnroll.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\certenc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\certCredProvider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\certcli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cero.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cdosys.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\CCCInstall_201203111630271511.log:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cca.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\catsrvut.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\catsrvps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\catsrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\capisp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\capiprovider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\capicom.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\calc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cacls.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cabview.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cabinet.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_ISCII.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_IS2022.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_G18030.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_950.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_949.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_936.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_932.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_875.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_874.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_870.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_869.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_866.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_865.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_864.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_863.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_862.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_861.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_860.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_858.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_857.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_855.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_852.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_850.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_775.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_737.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_720.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_708.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_500.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_437.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28605.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\c_28603.nls:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28599.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28598.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28597.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28596.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28595.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28594.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28593.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28592.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28591.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_21866.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_21027.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_21025.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20949.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20936.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20932.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20924.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20905.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20880.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20871.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20866.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20838.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20833.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20424.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20423.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20420.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20297.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20290.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20285.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20284.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20280.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20278.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20277.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20273.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20269.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20261.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20127.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20108.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20107.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20106.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20105.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20005.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20004.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20003.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20002.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20001.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20000.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1361.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1258.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1257.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1256.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1255.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1254.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1253.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1252.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1251.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1250.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1149.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1148.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1147.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1146.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1145.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1144.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1143.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1142.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1141.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1140.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1047.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1026.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10082.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10081.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10079.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10029.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10021.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10017.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10010.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10008.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10007.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10006.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10005.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10004.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10003.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10002.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10001.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10000.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_037.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\BWUnpairElevated.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\BWContextHandler.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Bubbles.scr:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\btpanui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bthudtask.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bthprops.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\browseui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\browcli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bopomofo.uce:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\BOOTVID.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bootcfg.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\boot.sdi:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\blackbox.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bitsprx6.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bitsprx5.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bitsprx4.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bitsprx3.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bitsprx2.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bitsperf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bitsadmin.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\BioCredProv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bidispl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bdaplgin.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bcryptprimitives.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bcrypt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\batmeter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\basecsp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AzSqlExt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\azroleui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\azroles.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\azman.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\avrt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\avifil32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\avicap32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AuxiliaryDisplayCpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AuxiliaryDisplayApi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\autoplay.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\autofmt.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\autoconv.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\autochk.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\authz.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\authui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AuthFWWizFwk.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AuthFWSnapin.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AuthFWGP.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\authfwcfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\auditpol.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AudioSes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AUDIOKSE.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AudioEng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\audiodev.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\attrib.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\atmlib.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\atmfd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\atl100.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\atl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ativvsvl.dat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ativvsva.dat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\atiumdmv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\atipdlxx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\atipblag.dat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AtBroker.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\at.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\asycfilt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\asferror.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ARP.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\apss.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\appwiz.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\appidapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Apphlpdm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\apphelp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\apisetschema.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\apircl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-service-winsvc-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-service-management-l2-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-service-management-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-service-core-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-security-sddl-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-security-lsalookup-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\apilogen.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\apds.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\amxread.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\amstream.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AltTab.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelSwedish.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelSpanish.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelPortugese.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelKorean.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelJapanese.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelGerman.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelFrench.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\aeevts.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\aecache.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\advpack.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\advapi32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\adtschema.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\adsnt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\adsmsext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\adsldpc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\adsldp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\adprovider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\admparse.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AdapterTroubleshooter.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\actxprxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\activeds.tlb:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\activeds.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ActionCenterCPL.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ActionCenter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\acppage.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\aclui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\acledit.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ACCTRES.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\accessibilitycpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\aaclient.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\12520850.cpx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\12520437.cpx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\system.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysNative\drivers\etc\services:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysNative\drivers\etc\protocol:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysNative\drivers\etc\networks:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysNative\drivers\etc\lmhosts.sam:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysNative\drivers\etc\hosts.20121006-162602.backup:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Suyin.reg:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Starter.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\splwow64.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\RtlExUpd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\regedit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Prelaunch.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\PLFSetI.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\PLaunch.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\PidList.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\PatchFul.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\ParseModule_X86.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\ParseModule_X64.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\ODBC.INI:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\notepad.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\NewDeployWinRE.cmd:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\msdfmap.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\MOD01SET75000N0006.enc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\MOD01SET74DE0N0003.XML:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\MOD01SET74DE0N0003.enc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\mib.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\LManager.UNI:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\LaunApp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Image.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\HomePremium.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\HomeBasic.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\hh.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\HelpPane.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\GVUni.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\GridV.UNI:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\fveupdate.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Fonts\GlobalSerif.CompositeFont:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Fonts\GlobalMonospace.CompositeFont:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Factory.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\explorer.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\epplauncher.mif:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\EB6BE8A5-11AE-4e2b-8B6E-974168C301C8.DSI:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\CSUP.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\ChangeLang_Done.tag:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Capsule.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\bootstat.dat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\bfsvc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\agrsmdel.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\agrdel64.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Acer Crystal Eye webcam.ico:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Acer Crystal Eye webcam.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\0:coranti
@Alternate Data Stream - 52 bytes -> C:\vcredist.bmp:coranti
@Alternate Data Stream - 52 bytes -> C:\VC_RED.MSI:coranti
@Alternate Data Stream - 52 bytes -> C:\VC_RED.cab:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\Public\Documents\NTILiveUpdate.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\Public\Documents\NTIBUN5.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\Public\Documents\desktop.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\SecurityKISSTunnel.config:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\ntuser.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\Documents\desktop.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\Desktop\END Strom.PDF:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\AppData\Local\GDIPFONTCACHEV1.DAT:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\AppData\Local\fusioncache.dat:coranti
@Alternate Data Stream - 52 bytes -> C:\user.js:coranti
@Alternate Data Stream - 52 bytes -> C:\RHDSetup.log:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\PS.log:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\FullRemove.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\ArcadeDeluxe3.log:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\1331426446.4376.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\1331426446.3724.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\1331426446.3708.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\1331426446.2708.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\1331420176.bdinstall.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\Program Files\desktop.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Program Files (x86)\Steam\Steam.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Program Files (x86)\desktop.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Program Files (x86)\Common Files\Acer GameZone online.ico:coranti
@Alternate Data Stream - 52 bytes -> C:\Preload.rev:coranti
@Alternate Data Stream - 52 bytes -> C:\Patch.rev:coranti
@Alternate Data Stream - 52 bytes -> C:\mcdbp.log:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.3082.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.2052.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.1049.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.1042.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.1041.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.1040.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.1036.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.1033.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.1031.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.1028.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\install.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\globdata.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.3082.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.2052.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.1049.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.1042.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.1041.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.1040.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.1036.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.1033.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.1031.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.1028.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\BOOTSECT.BAK:coranti
@Alternate Data Stream - 52 bytes -> C:\bootmgr:coranti
@Alternate Data Stream - 52 bytes -> C:\bdlog.txt:coranti
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:F297470E
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
         
koennte vielleicht jemand bitte einen Blick drueber werfen wenn es sich ausgeht


Alt 07.10.2012, 18:57   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SweetPacks IM , Yourfile Downloader - Standard

SweetPacks IM , Yourfile Downloader



Zitat:
Habe die Logs der Virenscans leider nicht gespeichert.
Malwarebytes speichert alle Logs im Reiter Logdateien
__________________
--> SweetPacks IM , Yourfile Downloader

Alt 07.10.2012, 21:02   #7
holzdan
 
SweetPacks IM , Yourfile Downloader - Standard

SweetPacks IM , Yourfile Downloader



Code:
ATTFilter
 Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.04.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
aaa :: AAA-PC [Administrator]

07.10.2012 11:37:07
mbam-log-2012-10-07 (11-37-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 345652
Laufzeit: 35 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Alt 07.10.2012, 21:11   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SweetPacks IM , Yourfile Downloader - Standard

SweetPacks IM , Yourfile Downloader



Sind das alle Logs von Malwarebytes?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.10.2012, 21:19   #9
holzdan
 
SweetPacks IM , Yourfile Downloader - Standard

SweetPacks IM , Yourfile Downloader



Es sind mehrere aber alle mit dem selben inhalt

Alt 07.10.2012, 21:26   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SweetPacks IM , Yourfile Downloader - Standard

SweetPacks IM , Yourfile Downloader



Verschiedene Logs mit demselben Inhalt?
Wie auch immer: es wurde nichts und niemals was gefunden?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.10.2012, 21:29   #11
holzdan
 
SweetPacks IM , Yourfile Downloader - Standard

SweetPacks IM , Yourfile Downloader



mit Malwarebytes nicht.
klar hatte ich mal irgendwann was drauf aber das ist schon lange her und kann mich nicht mehr an di malware erinnern , auch nicht welches av ich damals benutzte... ich wechsele staendig av programme und probier wieder andere aus. Habe Malwarebytes uebrigens erst vor einigen Tagen installiert

Alt 07.10.2012, 21:42   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SweetPacks IM , Yourfile Downloader - Standard

SweetPacks IM , Yourfile Downloader



Zitat:
klar hatte ich mal irgendwann was drauf
Bitte nicht zu genau posten, wir könnte sonst wissen was gefunden wurde
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.10.2012, 11:34   #13
holzdan
 
SweetPacks IM , Yourfile Downloader - Standard

SweetPacks IM , Yourfile Downloader



habe windows nun bereits um die 2 Jahre installiert und noch nie formatiert...
daher kann ich mich nicht mehr genau erinnern was damals gefunden wurde , ich erinnere mich nur noch daran dass mal etwas gefunden wurde aber das ist ja eher die Regel als die Ausnahme...

Alt 08.10.2012, 13:13   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SweetPacks IM , Yourfile Downloader - Standard

SweetPacks IM , Yourfile Downloader



Weiß du denn welcher Scanner was gefunden hat? Wenn ja ist vllt noch das Log da?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.10.2012, 17:54   #15
holzdan
 
SweetPacks IM , Yourfile Downloader - Standard

SweetPacks IM , Yourfile Downloader



nein kann mich wirklich nicht mehr daran erinnern.
Habe auch die Verzeichnisse nach eventuellen Logs untersucht.
Leider nix zu finden , sorry

Antwort

Themen zu SweetPacks IM , Yourfile Downloader
anderen, cc cleaner, cleaner, downloader, einfach, erkennen, eset, infektion, installiert, internet, langsam, lizenz, log, malwarebytes, posten, scan, scanner, schutz, security, suite, sweetpacks, system, tools, tune up, verschiedene, wirklich, übrig, yourfile downloader



Ähnliche Themen: SweetPacks IM , Yourfile Downloader


  1. TR/Downloader.Gen
    Plagegeister aller Art und deren Bekämpfung - 25.10.2015 (8)
  2. Malware durch dubiosen Downloader (Lightning Downloader)
    Log-Analyse und Auswertung - 10.07.2015 (9)
  3. Yourfile Downloader Befall, wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 22.09.2014 (23)
  4. Yourfile Downloader - Troyaner - wie entfernt man den Mist?
    Plagegeister aller Art und deren Bekämpfung - 25.08.2014 (20)
  5. Yourfile Downloader ist auf meinem Rechner - wie kann ich es entfernen?
    Plagegeister aller Art und deren Bekämpfung - 24.08.2014 (17)
  6. Yourfile Downloader Malware
    Plagegeister aller Art und deren Bekämpfung - 31.07.2014 (7)
  7. yourfile downloader. Virus oder Adware?
    Plagegeister aller Art und deren Bekämpfung - 25.07.2014 (19)
  8. Probleme mit Yourfile Downloader
    Plagegeister aller Art und deren Bekämpfung - 05.05.2014 (7)
  9. yourfile downloader
    Plagegeister aller Art und deren Bekämpfung - 30.04.2014 (11)
  10. XP SP3 und externe Festplatte haben EXP/CVE-2013-1493.A.Gen, PUP.Optional.SweetIM.A und PUP.Optional.SweetPacks
    Log-Analyse und Auswertung - 19.04.2014 (7)
  11. Windows 7: PUP.Optional.Sweetpacks
    Log-Analyse und Auswertung - 21.09.2013 (17)
  12. Probleme beim Deinstallieren von Iminent und SweetPacks Updater Service
    Plagegeister aller Art und deren Bekämpfung - 09.09.2013 (11)
  13. PUP.Optional.Sweetpacks, PUP.Optional.Conduit bei Scan mit Malwarebytes gefunden
    Log-Analyse und Auswertung - 04.09.2013 (27)
  14. TR/Downloader.Gen in msm
    Plagegeister aller Art und deren Bekämpfung - 02.02.2009 (0)
  15. Downloader-UA.h
    Plagegeister aller Art und deren Bekämpfung - 04.06.2008 (1)
  16. Downloader
    Plagegeister aller Art und deren Bekämpfung - 16.08.2006 (3)
  17. HILFEEEE!!!trojan-downloader-ruin, trojan-downloader-wareout
    Log-Analyse und Auswertung - 16.09.2005 (1)

Zum Thema SweetPacks IM , Yourfile Downloader - Hallo. Da mir die Lizenz fuer meine Internet Security Suite verfallen ist war ich nun eine Zeit lang ohne Schutz im Netz unterwegs.Da hat es nicht lange gedauert und ich - SweetPacks IM , Yourfile Downloader...
Archiv
Du betrachtest: SweetPacks IM , Yourfile Downloader auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.