Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   SweetPacks IM , Yourfile Downloader (https://www.trojaner-board.de/125279-sweetpacks-yourfile-downloader.html)

holzdan 07.10.2012 00:38
SweetPacks IM , Yourfile Downloader
 
Hallo.
Da mir die Lizenz fuer meine Internet Security Suite verfallen ist war ich nun eine Zeit lang ohne Schutz im Netz unterwegs.Da hat es nicht lange gedauert und ich hatte schon verschiedene toolbars wie babylon , pc beschleunigen tool usw auf der Platte.Auch Sweet Packs IM und yourfile downloader obwohl ich mich nicht erinnern konnte sowas je installiert zu haben.Habe nun Sweet Packs und yourfile downloader , babylon deinstalliert doch ich werde einfach das Gefuehl nicht los dass noch irgendwas übrig ist da mein System wirklich ungalublich langsam läuft seitdem mir diese "Tools" aufgefallen sind.Habe auch mein System wieder ein wenig aufgeräumt mit tune up utilities und cc cleaner was normalerweise den Pc immer wieder etwas flotter macht , diesmal nicht.
Habe meinen Pc auch schon mit Malwarebytes , Eset und einigen anderen Scannern getestet jedoch wurde nix gefunden.
Daher wollte ich meinen OLT - Log hier posten und hoffe mir kann jemand damit weiterhelfen und vielleicht eine Infektion erkennen.

cosinus 07.10.2012 09:13
Trotzdem bitte alle Logs von malwarebytes und ESET posten
Die Logs enthalten ein paar mehr Infos als nur Fund oder kein Fund.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

holzdan 07.10.2012 10:28
Habe die Logs der Virenscans leider nicht gespeichert.
Werde sie daher nochmal laufen lassen.Hier inzwischen meine otl.txt

otl.txt part 1

Code:
OTL logfile created on: 07.10.2012 11:14:15 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\aaa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 67,95% Memory free
7,73 Gb Paging File | 6,46 Gb Available in Paging File | 83,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 463,16 Gb Total Space | 379,91 Gb Free Space | 82,02% Space Free | Partition Type: NTFS
 
Computer Name: AAA-PC | User Name: aaa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.07 01:21:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aaa\Desktop\OTL.exe
PRC - [2012.09.20 05:38:56 | 000,175,496 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
PRC - [2012.08.06 13:44:16 | 000,642,216 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.01.27 09:47:20 | 000,828,944 | ---- | M] (GlavSoft LLC.) -- C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe
PRC - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.07.10 03:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.07.28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.10.06 19:20:37 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012.09.20 05:38:56 | 000,175,496 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2012.08.30 13:23:28 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012.08.28 17:52:44 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.23 10:17:28 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe -- (CLPSLauncher)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012.01.27 09:47:20 | 000,828,944 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe -- (tvnserver)
SRV - [2010.07.08 14:18:29 | 000,333,264 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\3DataManager\WTGService.exe -- (WTGService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.03 16:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2009.11.02 13:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.09.30 15:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.09.25 01:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.09.11 07:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.07.10 03:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) [Disabled | Stopped] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.01 18:31:53 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.09.20 05:11:58 | 000,086,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2012.09.12 20:19:38 | 000,082,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2012.08.30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.03 10:23:28 | 000,035,064 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\CFRMD.sys -- (CFRMD)
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.04.13 20:12:13 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2012.04.13 20:12:13 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2012.04.13 20:12:13 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2012.04.13 20:12:13 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.21 16:44:30 | 002,793,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.10.17 16:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.07.01 05:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.02.27 08:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.12.03 17:07:04 | 001,224,192 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.09.18 06:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.06 14:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.07.23 00:06:26 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.25 04:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 05:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 05:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 05:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360312d206l04c8z135t64n1c413
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={27A42084-C696-11E1-ACC2-0017C4F1B1FE}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360312d206l04c8z135t64n1c413
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&babsrc=SP_ss&mntrId=d65cf95f0000000000000017c4f1b1fe
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT474
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={224E4F9B-E9F3-4617-9BC5-9CE19CA4FA5F}&mid=59da8dcef8ac47d08f78d15e8215580d-2e33c930fa5d3169a9ea342d66355adcb0b86bd8&lang=de&ds=cv011&pr=sa&d=2012-07-05 13:39:36&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.06 17:15:11 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2012.10.06 16:26:02 | 000,444,411 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        www.123fporn.info
O1 - Hosts: 15262 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe (GFI Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe (GlavSoft LLC.)
O4 - HKCU..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - Startup: C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Proxomitron.exe - Verknüpfung.lnk = C:\Users\aaa\Desktop\PROXOMITRON\Proxomitron.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04DDC8C3-4207-4A03-847A-5F0D098AC1F3}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{908D8B77-90CF-4CB0-84F4-67EF8DA6CDD4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{908D8B77-90CF-4CB0-84F4-67EF8DA6CDD4}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/html - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/html - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{70624967-858a-11e1-a36c-0017c4f1b1fe}\Shell - "" = AutoRun
O33 - MountPoints2\{70624967-858a-11e1-a36c-0017c4f1b1fe}\Shell\AutoRun\command - "" = E:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.07 11:12:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMODO
[2012.10.07 11:12:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Comodo
[2012.10.07 11:12:07 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.10.07 11:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012.10.07 11:09:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012.10.07 01:21:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\aaa\Desktop\OTL.exe
[2012.10.07 01:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.07 00:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakNow PowerPack 2012
[2012.10.07 00:49:00 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\TweakNow PowerPack 2012
[2012.10.07 00:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TweakNow PowerPack 2012
[2012.10.07 00:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012.10.07 00:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2012.10.07 00:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012.10.07 00:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012.10.07 00:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GFI Software
[2012.10.07 00:04:24 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012.10.07 00:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2012.10.06 23:52:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.10.06 23:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.10.06 23:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.10.06 23:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.10.06 22:53:52 | 000,000,000 | ---D | C] -- C:\AMD
[2012.10.06 22:48:11 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Local\Chromium
[2012.10.06 22:43:36 | 000,000,000 | ---D | C] -- C:\Users\aaa\Documents\My Games
[2012.10.06 21:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2012.10.06 21:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2012.10.06 21:26:49 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zak McKracken - Between Time & Space
[2012.10.06 21:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zak McKracken - Between Time & Space
[2012.10.06 21:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zak2
[2012.10.06 21:22:09 | 000,000,000 | ---D | C] -- C:\Users\aaa\Desktop\zak
[2012.10.06 21:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2012.10.06 21:14:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
[2012.10.06 21:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios
[2012.10.06 20:00:52 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012.10.06 19:28:34 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012.10.06 19:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2012.10.06 16:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.10.06 16:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.10.06 15:28:17 | 000,000,000 | -H-D | C] -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disabled Startup Items
[2012.10.06 15:28:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disabled Startup Items
[2012.10.06 15:28:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2012.10.06 15:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Greatis
[2012.10.06 15:16:09 | 000,039,184 | ---- | C] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2012.10.06 15:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2012.10.06 15:11:49 | 000,000,000 | ---D | C] -- C:\Users\aaa\Documents\RegRun2
[2012.10.06 12:20:58 | 000,000,000 | ---D | C] -- C:\Users\aaa\Desktop\Bücher-links
[2012.10.06 02:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Coranti
[2012.10.06 02:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Coranti
[2012.10.06 02:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GFI Software
[2012.10.06 02:16:35 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\GFI Software
[2012.10.06 01:44:52 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Local\Sophos
[2012.10.06 01:25:13 | 000,000,000 | ---D | C] -- C:\Users\aaa\Local Settings
[2012.10.06 01:16:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012.10.06 01:00:50 | 000,000,000 | ---D | C] -- C:\escw_100_sa
[2012.10.06 00:57:47 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Local\Symantec
[2012.10.06 00:55:23 | 000,287,152 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\SymVPN.dll
[2012.10.06 00:55:23 | 000,058,288 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\snacnp.dll
[2012.10.05 23:52:02 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012.10.05 23:52:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012.10.05 23:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012.10.05 23:51:28 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\TestApp
[2012.10.05 23:27:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.10.05 22:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
[2012.10.05 21:41:00 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2012.10.05 21:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2012.10.05 21:40:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy Arcade
[2012.10.05 21:40:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Monolith Productions
[2012.10.05 21:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra
[2012.10.05 20:30:20 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Netdevil
[2012.10.05 20:06:36 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Local\GameSpy
[2012.10.05 20:06:27 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Local\ApplicationHistory
[2012.10.05 20:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy
[2012.10.05 20:06:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy
[2012.10.05 20:05:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2012.10.05 20:04:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGEIA
[2012.10.05 20:03:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2012.10.05 20:03:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012.10.05 20:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.10.05 20:03:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Netdevil
[2012.10.05 15:34:02 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tennis Elbow 2011
[2012.10.05 15:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tennis Elbow 2011
[2012.10.05 15:34:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tennis Elbow 2011
[2012.10.01 18:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
[2012.10.01 18:34:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LucasArts
[2012.10.01 18:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2012.10.01 18:31:53 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.10.01 18:31:49 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\DAEMON Tools Pro
[2012.10.01 18:31:43 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\OpenCandy
[2012.10.01 18:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2012.10.01 18:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2012.09.20 05:40:04 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysWow64\sbbd.exe
[2012.09.20 05:11:58 | 000,086,816 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbwtis.sys
[2012.09.12 20:19:42 | 000,634,560 | ---- | C] (Xceed Software Inc        (450) 442-2626        support@xceedsoft.com        www.xceedsoft.com) -- C:\Windows\SysWow64\XceedZip.dll
[2012.09.12 20:19:38 | 000,082,872 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbapifs.sys
[2009.11.05 05:33:04 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.07 11:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.07 11:17:10 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 11:17:10 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 11:12:19 | 000,002,051 | ---- | M] () -- C:\Users\Public\Desktop\AntiError.lnk
[2012.10.07 11:12:19 | 000,002,047 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2012.10.07 11:12:19 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2012.10.07 11:09:30 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.07 11:08:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.07 10:40:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.07 01:39:54 | 000,000,000 | ---- | M] () -- C:\Users\aaa\defogger_reenable
[2012.10.07 01:22:06 | 000,050,477 | ---- | M] () -- C:\Users\aaa\Desktop\Defogger.exe
[2012.10.07 01:21:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aaa\Desktop\OTL.exe
[2012.10.07 00:49:08 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\TweakNow PowerPack 2012.lnk
[2012.10.07 00:37:17 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012.10.07 00:04:28 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\VIPRE.lnk
[2012.10.06 23:45:46 | 000,007,669 | ---- | M] () -- C:\Users\aaa\AppData\Local\Resmon.ResmonCfg
[2012.10.06 23:22:32 | 000,001,110 | ---- | M] () -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Proxomitron.exe - Verknüpfung.lnk
[2012.10.06 23:17:42 | 000,000,372 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.10.06 22:36:54 | 003,629,231 | ---- | M] () -- C:\Program Files (x86)\YourFileDownloader.rar
[2012.10.06 21:26:50 | 000,000,959 | ---- | M] () -- C:\Users\aaa\Desktop\Zak McKracken - BTAS.lnk
[2012.10.06 21:14:57 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012.10.06 21:14:57 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012.10.06 19:28:34 | 000,000,219 | ---- | M] () -- C:\Users\aaa\Desktop\Counter-Strike Source.url
[2012.10.06 19:08:02 | 000,001,837 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.10.06 16:46:41 | 000,005,104 | ---- | M] () -- C:\Windows\wininit.ini
[2012.10.06 16:26:02 | 000,444,411 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.10.06 15:28:21 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2012.10.06 15:28:21 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2012.10.06 15:28:21 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2012.10.06 15:16:09 | 000,039,184 | ---- | M] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2012.10.06 00:55:23 | 000,287,152 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\SymVPN.dll
[2012.10.06 00:55:23 | 000,058,288 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\snacnp.dll
[2012.10.05 23:52:24 | 001,997,385 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012.10.05 20:41:19 | 000,362,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.05 20:06:27 | 000,000,091 | ---- | M] () -- C:\Users\aaa\AppData\Local\fusioncache.dat
[2012.10.05 20:05:29 | 001,554,122 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.05 20:05:29 | 000,664,634 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.05 20:05:29 | 000,624,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.05 20:05:29 | 000,134,770 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.05 20:05:29 | 000,110,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.02 03:00:36 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.10.01 18:33:54 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.01 18:31:53 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.09.26 16:55:44 | 000,000,162 | ---- | M] () -- C:\Users\aaa\SecurityKISSTunnel.config
[2012.09.20 05:40:04 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysWow64\sbbd.exe
[2012.09.20 05:40:04 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012.09.20 05:11:58 | 000,086,816 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\sbwtis.sys
[2012.09.12 20:19:42 | 000,634,560 | ---- | M] (Xceed Software Inc        (450) 442-2626        support@xceedsoft.com        www.xceedsoft.com) -- C:\Windows\SysWow64\XceedZip.dll
[2012.09.12 20:19:38 | 000,082,872 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\sbapifs.sys
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.07 11:12:19 | 000,002,051 | ---- | C] () -- C:\Users\Public\Desktop\AntiError.lnk
[2012.10.07 11:12:19 | 000,002,047 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2012.10.07 11:12:19 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2012.10.07 01:39:54 | 000,000,000 | ---- | C] () -- C:\Users\aaa\defogger_reenable
[2012.10.07 01:22:06 | 000,050,477 | ---- | C] () -- C:\Users\aaa\Desktop\Defogger.exe
[2012.10.07 00:49:08 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\TweakNow PowerPack 2012.lnk
[2012.10.07 00:37:17 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012.10.07 00:04:28 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\VIPRE.lnk
[2012.10.06 23:45:46 | 000,007,669 | ---- | C] () -- C:\Users\aaa\AppData\Local\Resmon.ResmonCfg
[2012.10.06 23:22:32 | 000,001,110 | ---- | C] () -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Proxomitron.exe - Verknüpfung.lnk
[2012.10.06 22:36:53 | 003,629,231 | ---- | C] () -- C:\Program Files (x86)\YourFileDownloader.rar
[2012.10.06 21:28:52 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.10.06 21:28:52 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2012.10.06 21:28:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.10.06 21:26:50 | 000,000,959 | ---- | C] () -- C:\Users\aaa\Desktop\Zak McKracken - BTAS.lnk
[2012.10.06 21:14:57 | 000,002,041 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012.10.06 21:14:57 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012.10.06 19:28:34 | 000,000,219 | ---- | C] () -- C:\Users\aaa\Desktop\Counter-Strike Source.url
[2012.10.06 19:08:02 | 000,001,849 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.10.06 19:08:02 | 000,001,837 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.10.06 16:46:33 | 000,005,104 | ---- | C] () -- C:\Windows\wininit.ini
[2012.10.06 15:28:02 | 000,057,556 | ---- | C] () -- C:\Windows\guard.bmp
[2012.10.06 15:11:51 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2012.10.06 15:11:51 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2012.10.06 15:11:51 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2012.10.05 23:52:08 | 001,997,385 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012.10.05 20:06:27 | 000,000,091 | ---- | C] () -- C:\Users\aaa\AppData\Local\fusioncache.dat
[2012.10.05 15:34:10 | 000,921,600 | ---- | C] () -- C:\Windows\SysNative\vorbisenc.dll
[2012.10.05 15:34:10 | 000,237,568 | ---- | C] () -- C:\Windows\SysNative\OggDS.dll
[2012.10.05 15:34:10 | 000,188,416 | ---- | C] () -- C:\Windows\SysNative\vorbis.dll
[2012.10.05 15:34:10 | 000,045,056 | ---- | C] () -- C:\Windows\SysNative\ogg.dll
[2012.05.28 12:29:23 | 000,000,162 | ---- | C] () -- C:\Users\aaa\SecurityKISSTunnel.config
[2012.03.11 17:44:19 | 001,554,122 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.11 05:13:30 | 000,001,744 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2012.03.11 02:40:53 | 000,026,569 | ---- | C] () -- C:\ProgramData\1331426446.4376.bin
[2012.03.11 02:40:48 | 000,008,383 | ---- | C] () -- C:\ProgramData\1331426446.3708.bin
[2012.03.11 02:40:47 | 000,006,945 | ---- | C] () -- C:\ProgramData\1331426446.3724.bin
[2012.03.11 02:40:46 | 000,054,366 | ---- | C] () -- C:\ProgramData\1331426446.2708.bin
[2012.03.11 01:48:28 | 000,000,372 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.03.11 01:15:44 | 000,302,835 | ---- | C] () -- C:\ProgramData\1331420176.bdinstall.bin
[2012.03.10 21:05:49 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2012.03.10 21:05:49 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012.03.10 21:05:49 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2012.03.10 21:05:49 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2012.03.10 20:46:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.07 20:35:48 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlibwapi.dll
[2012.02.07 20:35:48 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.04.13 20:47:28 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\3DataManager
[2012.03.11 01:03:45 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Bitdefender
[2012.03.14 23:51:04 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\BitTorrent
[2012.03.24 20:40:48 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Cerberus LLC
[2012.10.06 19:09:42 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\DAEMON Tools Pro
[2012.03.26 19:10:35 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\foobar2000
[2012.05.01 20:29:42 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\GameHouse
[2012.10.06 02:16:35 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\GFI Software
[2012.03.24 20:07:29 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\GrabPro
[2012.07.05 13:17:39 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\ImgBurn
[2012.03.11 16:53:28 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\KC Softwares
[2012.10.01 18:31:46 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\OpenCandy
[2012.05.11 11:03:43 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\OpenOffice.org
[2012.10.06 19:08:11 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Opera
[2012.10.05 23:28:13 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Orbit
[2012.03.24 20:08:18 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\ProgSense
[2012.03.11 01:00:45 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\QuickScan
[2012.03.14 22:34:31 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Securepoint Operation Center
[2012.10.05 23:51:28 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\TestApp
[2012.10.05 23:28:33 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\TuneUp Software
[2012.10.07 00:49:03 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\TweakNow PowerPack 2012
[2012.10.06 19:09:42 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\uTorrent
[2012.05.02 17:42:17 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\YourFileDownloader
otl.txt part 2

Code:
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 52 bytes -> C:\Windows\write.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WPatchProgress.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WMSysPr9.prx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WLXPGSS.SCR:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WisPriority.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WisMvImg.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WisLangCode.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WisGAPasx64.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WisGAPas.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winhlp32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WindowsUpdate.log:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WindowsShell.Manifest:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WIN7BASE_XX.TAG:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\win.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\USER.XML:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\USB_VIDEO_REG.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\UNINST32.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\twunk_32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\twunk_16.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\twain_32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\twain.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\tasks\SCHEDLGU.TXT:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\zlibwapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\zlib.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\zipfldr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xwtpw32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xwtpdui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xwreg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xwizards.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xwizard.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xwizard.dtd:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xpssvcs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XPSSHHDR.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xpsservices.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xpsrchvw.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xpsrchvw.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XpsRasterService.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XpsPrint.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XpsGdiConverter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XpsFilt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xolehlp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xmlprovi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xmllite.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xmlfilter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XInput9_1_0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xcopy.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XceedSco.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XceedCry.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wzcdlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wwapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WWanAPI.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wuwebv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wusa.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wups.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wudriver.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wuapp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wuapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wtsapi32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WSTPager.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsock32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsnmp32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WsmWmiPl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WsmTxt.xsl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WsmSvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WsmRes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WsmPty.xsl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsmprovhost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsmplpxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WsmAuto.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WSManMigrationPlugin.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WSManHTTPConfig.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsmanconfig_schema.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WSHTCPIP.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshrm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshqos.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshom.ocx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshirda.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wship6.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshelper.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshcon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshbth.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsecedit.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsdchngr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WSDApi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscui.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscript.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscproxystub.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscmisetup.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscisvif.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscinterop.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ws2help.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ws2_32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\write.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wpdwcn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WPDSp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WPDShServiceObj.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WPDShextAutoplay.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wpdshext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wpcsvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wpcao.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Wpc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wowreg32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wow32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMVXENCD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMVSENCD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMVSDECD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMVENCOD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmvdspa.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMVDECOD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMVCORE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMSPDMOE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMSPDMOD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmsgapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMPhoto.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMNetMgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmiprop.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmidx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmdrmsdk.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmdrmnet.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmdrmdev.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmdmps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmdmlog.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmcodecdspps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMASF.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMADMOE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMADMOD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WlS0WndH.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlgpclnt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Wldap32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlanutil.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlanui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlansec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlanpref.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlanmsm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WlanMM.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlaninst.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlanhlp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlangpui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlanext.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlandlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WLanConn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlancfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlanapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wksprtPS.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wkscli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WISPTIS.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winver.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winusb.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wintrust.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WinSyncProviders.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WinSyncMetastore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WinSync.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winsta.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WINSRPC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winspool.drv:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winsockhc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winshfhc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WinSCard.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WinSATAPI.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winrssrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winrsmgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winrshost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winrscmd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winrs.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winrnr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winrm.vbs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winrm.cmd:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winnsi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winmm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winipsec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wininit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wininet.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winhttp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WinFax.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WindowsCodecsExt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WindowsCodecs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wincredprovider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winbrand.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winbio.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\win32spl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wimserv.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wimgapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wiavideo.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wiatrace.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wiashext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wiascanprofiles.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WiaExtensionHost64.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wiadss.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wiadefui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wiaaut.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wiaacmgr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\whoami.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\whhelper.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\where.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\whealogr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WfHC.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wfapigp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WF.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wextract.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wevtutil.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wevtfwd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wevtapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\werui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wermgr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WerFaultSecure.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WerFault.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\werdiagcontroller.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wer.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wecutil.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wecapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\webservices.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\webio.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WebClnt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\webcheck.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WEB.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wdscore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wdmaud.drv:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wdigest.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wdi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wdc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WcsPlugInService.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wcnwiz.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WcnEapPeerProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WcnEapAuthProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wcncsvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WcnApi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wbemcomn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wavemsp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\waitfor.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WABSyncProvider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\w32topl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\w32tm.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vsstrace.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vssapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vssadmin.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vss_ps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vpnikeapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\virtdisk.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\VIDRESZR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vidcap.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vfwwdm32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vfpodbc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\version.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\verifier.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\verifier.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\verclsid.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\VEN2232.OLB:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vdsvd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vdsdyn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vdsbas.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vds_ps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vdmdbg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vcomp100.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vbscript.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vbisurf.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\VBICodec.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\VBAME.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vbajet32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\VBAEND32.OLB:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\VBAEN32.OLB:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\VBADE32.OLB:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vaultcli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Vault.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\VAN.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\uxtheme.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\uxlibres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\uxlib.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\UXInit.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\uudf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Utilman.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\utildll.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\usp10.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\usk.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\userinit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\userenv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\usercpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\UserAccountControlSettings.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\UserAccountControlSettings.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\user32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\user.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\usbui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\usbperf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\usbceip.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\urlmon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\url.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ureg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\upnphost.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\upnpcont.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\upnp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\untfs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\unlodctr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\uniplat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\unimdmat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\unimdm.tsp:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\umdmxfrm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ulib.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\UIRibbonRes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\UIRibbon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\uicom.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\UIAutomationCore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\UIAnimation.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ufat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\uexfat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\udhisapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ucmhc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ubpm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tzutil.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tzres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\typeperf.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\typelib.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\txfw32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\txflog.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\twext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tvratings.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TsWpfWrp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TSWorkspace.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TSTheme.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tspkg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tsmf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tsgqec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TSChannel.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tsbyuv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tree.com:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TRAPI.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\traffic.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TRACERT.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tracerpt.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tquery.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TpmInit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tpmcompc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tpm.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tlscsp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tintlgnt.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\timeout.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TimeDateMUICallback.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\timedate.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ticrf.rat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\thumbcache.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\themeui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\themecpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\thawbrkr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\termmgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\telephon.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tdh.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tdc.ocx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TCPSVCS.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tcpmonui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tcpipcfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tcpbidi.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tcmsetup.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tbs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TaskSchdPS.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\taskschd.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\taskschd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\taskmgr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tasklist.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\taskkill.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\taskeng.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\taskcomp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TapiUnattend.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tapiui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TapiSysprep.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tapisrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tapiperf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TapiMigPlugin.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tapi32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tapi3.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\takeown.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\t2embed.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\systray.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SystemPropertiesRemote.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SystemPropertiesProtection.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SystemPropertiesPerformance.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SystemPropertiesHardware.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SystemPropertiesDataExecutionPrevention.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SystemPropertiesComputerName.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SystemPropertiesAdvanced.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\systeminfo.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\systemcpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\syssetup.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sysprtj.sep:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sysprint.sep:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sysmon.ocx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\syskey.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sysdm.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SynTPCOM.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\syncui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SynCtrl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Syncreg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SynCOM.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SyncInfrastructureps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SyncInfrastructure.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SyncHostps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SyncHost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\synceng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SyncCenter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sxstrace.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sxsstore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sxshared.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sxs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sxproxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\svchost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sud.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\subst.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SubRange.uce:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\StructuredQuery.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Storprop.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\StorageContextHandler.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\storage.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\stobject.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sti.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\stdole32.tlb:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\stdole2.tlb:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\stclient.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ssText3d.scr:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SSShim.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sspicli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ssdpapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sscore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\srvcli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\srhelper.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\srdelayed.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\srclient.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\srchadmin.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqmapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqlwoa.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqlwid.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqlunirl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqlsrv32.rll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqlsrv32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqlcese30.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqlceqp30.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqlceoledb30.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spwizres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spwizimg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spwizeng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spwinsat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sppwmi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sppinst.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sppcommdlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sppcomapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sppcext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sppcc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sppc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spopk.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spnet.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SPInf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spfileq.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spbcd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SortWindows6Compat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SortServer2003Compat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sort.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\softpub.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\softkbd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\snmpapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SndVolSSO.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SndVol.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SMBHelperClass.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SmartcardCredentialProvider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\slwga.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\slmgr.vbs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\slcext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\slc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sisbkup.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\simpdata.tlb:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\signdrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shwebsvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shutdown.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shunimpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shsvcs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shsetup.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shrpubw.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shpafact.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shlwapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shimgvw.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shimeng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ShiftJIS.uce:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shgina.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shfolder.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shellstyle.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shell32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shdocvw.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shacct.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SFCOM.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sfc_os.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sfc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sfc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\setx.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\setupugc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\setupSNK.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\setupcln.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\setupapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\setup16.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SetIEInstalledDate.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sethc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SessEnv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\serwvdrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\services.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\serialui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SensorsCpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SensorsApi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SensApi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Sens.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sendmail.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\security.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\secur32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\secproc_ssp_isv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\secproc_ssp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\secproc_isv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\secproc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\secinit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sechost.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SecEdit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SearchProtocolHost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SearchIndexer.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SearchFolder.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SearchFilterHost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sdohlp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sdiagprv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sdiagnhost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sdiageng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sdchange.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sdbinst.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\scrrun.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\scrobj.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\scrnsave.scr:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\scripto.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SCP32.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\scksp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\schtasks.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\schedcli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\schannel.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\scesrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\scecli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SCardDlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\scansetting.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sberes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sbeio.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sbe.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sas.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SampleRes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\samlib.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\samcli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\runonce.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RunLegacyCPLElevated.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rundll32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\runas.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rtutils.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rtm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rtffilt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RstrtMgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rshx32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rsaenh.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rrinstaller.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RpcRtRemote.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rpcrt4.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RpcPing.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rpcnsh.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RpcNs4.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RPCNDFP.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rpchttp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RpcDiag.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ROUTE.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Robocopy.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rnr20.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rmoc3260.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RmClient.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RMActivate_ssp_isv.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RMActivate_ssp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RMActivate_isv.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RMActivate.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\riched32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\riched20.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Ribbons.scr:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rgb9rast.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\resutils.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RestartManagerUninstall.mof:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RestartManager.mof:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\resmon.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RESAMPLEDMO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\replace.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rendezvousSession.tlb:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\remotesp.tsp:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\remotepg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\relog.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rekeywiz.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\regsvr32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\regini.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\regedt32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\regedit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RegCtrl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\regapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\reg.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\recover.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ReAgentc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ReAgent.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rdrleakdiag.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rdprefdrvapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rdpencom.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rdpd3d.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rdpcore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rastls.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rastapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasser.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasppp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasplap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasphone.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasmxs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasmontr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RASMM.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasman.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasgcw.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\raserver.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasdlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasdial.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasdiag.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasctrs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasctrnm.h:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\raschap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rascfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasautou.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasapi32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasadhlp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\radarrs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\radardt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RacRules.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\racpldlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RacEngn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qwave.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\QUTIL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\quick.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Query.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\quartz.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\QSVRMGMT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\QSHVHOST.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qmgrprxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qintlgnt.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qedwipes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qedit.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qdvd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qdv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\QCLIPROV.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qcap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qasf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\QAGENT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pwrshplugin.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\puiobj.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\puiapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pstorsvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pstorec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\psr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\psisrndr.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\psisdecd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PSHED.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pscript.sep:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\psbase.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\psapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\provthrd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\provsvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\proquota.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\propsys.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\profapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\prntvpt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\prnntfy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\prnfldr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\prncache.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\printui.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\printui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\print.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\prflbmsg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\prevhost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PresentationNative_v0300.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PresentationHostProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PresentationHost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\powrprof.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\powercpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\powercfg.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\powercfg.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pots.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PortableDeviceWMDRM.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PortableDeviceWiaCompat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PortableDeviceTypes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PortableDeviceSyncProvider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PortableDeviceStatus.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PortableDeviceConnectApi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PortableDeviceClassExtension.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PortableDeviceApi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\poqexec.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\polstore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pnrpnsp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pnpsetup.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pnidui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pngfilt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pndx5032.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pndx5016.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pncrt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PlaySndSrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pla.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pku2u.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PkgMgr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pintlgnt.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PING.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pifmgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pidgenx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pid.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PhysXLoader.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PhysX.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\photowiz.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PhotoScreensaver.scr:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PhotoMetadataHandler.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\phon.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfts.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PerfStringBackup.INI:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfproc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfos.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfnet.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfmon.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfmon.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfhost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfdisk.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfctrs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PerfCenterCpl.ico:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PerfCenterCPL.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pegi-pt.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pegi-fi.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pegibbfc.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pegi.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pdhui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pdh.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pcwum.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pcl.sep:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pcaui.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pcaui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pautoenr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PATHPING.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\panmap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\packager.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\p2pnetsh.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\P2PGraph.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\p2pcollab.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\P2P.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\osuninst.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\osk.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\osbaseln.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\OptionalFeatures.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\opengl32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\openfiles.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\OpenCL.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\OpcServices.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\OobeFldr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\OnLineIDCpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\onexui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\onex.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\olethk32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\olesvr32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oleres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\olepro32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oleprn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oledlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\olecli32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oleaut32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oleaccrc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oleacchooks.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oleacc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ole32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ole2nls.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ole2disp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ole2.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ogldrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oflc.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\offfilt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odtext32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odpdx32.dll:coranti

holzdan 07.10.2012 10:52
otl.txt part 3

Code:
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odfox32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odexl32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oddbse32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbctrac.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbcjt32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbcji32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbcint.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbccu32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbccr32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbccp32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbcconf.rsp:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbcconf.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbcconf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbcbcp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbcad32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbc32gt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbc32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ocsetup.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ocsetapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\occache.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\objsel.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntvdm64.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntshrui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntprint.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntprint.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntoskrnl.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntmarta.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntlanui2.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntlanman.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntkrnlpa.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntdsapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntdll.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nslookup.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nsi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nshwfp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nshipsec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nshhttp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\npmproxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\notepad.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\normaliz.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NOISE.THA:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\noise.kor:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\noise.jpn:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NOISE.DAT:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NOISE.CHT:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NOISE.CHS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsModels0011.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0c1a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons081a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0816.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0416.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0414.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons004e.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons004c.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons004b.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons004a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0049.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0047.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0046.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0045.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons003e.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0039.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons002a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0027.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0026.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0024.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0022.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0021.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0020.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons001d.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons001b.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons001a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0019.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0018.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0013.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0011.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0010.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons000f.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons000d.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons000c.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons000a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0009.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0007.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0003.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0002.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0001.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Nlsdl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0c1a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData081a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0816.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0416.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0414.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData004e.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData004c.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData004b.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData004a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0049.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0047.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0046.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0045.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData003e.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0039.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData002a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0027.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0026.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0024.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0022.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0021.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0020.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData001d.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData001b.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData001a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0019.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0018.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0013.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0011.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0010.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData000f.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData000d.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData000c.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData000a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0009.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0007.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0003.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0002.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0001.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0000.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nlsbres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nlmsprep.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nlmgp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nlhtml.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nlaapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\newdev.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\newdev.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\networkmap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\networkitemfactory.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\networkexplorer.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netutils.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NETSTAT.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netshell.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netsh.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netprofm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netprof.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Netplwiz.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netplwiz.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netmsg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netlogon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netjoin.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netiougc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netiohlp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netid.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\neth.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netfxperf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netevent.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netdiagfx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netcorehc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netcfgx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netcenter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netbtugc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netbios.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netapi32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\net1.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\net.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\negoexts.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ndptsp.tsp:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ndproxystub.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ndishc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ndiscapCfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ndfhcdiscovery.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NdfEventView.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ndfetw.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ndfapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nddeapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ndadmin.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ncsi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ncryptui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ncrypt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ncpa.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ncobjapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nci.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NcdProp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NaturalLanguage6.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NativeHooks.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NAPSTAT.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NAPMONTR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\napipsec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NapiNSP.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NAPHLPR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\napdsnap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NAPCRYPT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NAPCLCFG.MSC:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Mystify.scr:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mydocs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mycomput.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MuiUnattend.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\muifontsetup.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mtxoci.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mtxlegih.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mtxex.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mtxdm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mtxclu.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mtstocom.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msyuv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msxml6r.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msxml6.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msxml4r.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msxml4a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msxml3r.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msxml3.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msxbde40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mswstr10.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mswsock.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mswmdm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mswdat10.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MSVidCtl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvidc32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvfw32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcrt40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcrt20.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcrt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcr70.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcr100_clr0400.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcr100.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcp60.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcp100.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcirt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvbvm60.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msv1_0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msutb.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mstscax.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mstsc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mstext40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mstask.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msswch.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssvp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MSSTDFMT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssrch.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssprxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssphtb.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssph.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssitlb.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssip32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssign32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msshooks.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msshavmsg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssha.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msscript.ocx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msscp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msscntrs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msrle32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msrepl40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MsRdpWebAccess.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msrdc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msrd3x40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msrd2x40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msrating.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MsraLegacy.tlb:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msra.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msports.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mspbde40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mspatcha.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mspaint.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msorcl32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msorc32r.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msoert2.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msoeacct.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msobjs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MSNP.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msnetobj.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msmpeg2vdec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MSMPEG2ENC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msmpeg2adec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msltus40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msls31.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msjtes40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msjter40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msjint40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msjetoledb40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msjet40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msisip.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msinfo32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msimtf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msimsg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msimg32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msiltcfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msihnd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msiexec.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msieftp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msidntld.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msidle.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msident.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msidcrl30.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mshtmler.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mshtmled.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mshtml.tlb:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mshtml.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mshta.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msgsm32.acm:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msg711.acm:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msftedit.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msfeedssync.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msfeedsbs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msfeeds.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msexcl40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msexch40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MSDvbNP.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdtcVSp1res.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdtcuiu.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdtcprx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdt.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdrm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdmo.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdelta.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdatsrc.tlb:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdart.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdadiag.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msctfui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msctfp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MsCtfMonitor.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msctfime.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msctf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mscpxl32.dLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mscpx32r.dLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mscories.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mscorier.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mscoree.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MSCOMCTL.OCX:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mscms.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msclmd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mscat32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mscandui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msaudite.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msasn1.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msafd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msadp32.acm:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msacm32.drv:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msacm32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MSAC3ENC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msaatext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MRINFO.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mprmsg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mprdim.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mprddm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mprapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mpr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MPG4DECD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mpg2splt.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Mpeg2Data.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MP4SDECD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MP43DECD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MP3DMOD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mountvol.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\moricons.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\more.com:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\modemui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mode.com:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mobsync.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mmsys.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mmres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MMDevAPI.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mmcshext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mmcndmgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mmcico.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mmci.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mmcbase.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mmc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mlang.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mlang.dat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mimefilt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\miguiresource.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\migisol.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MigAutoPlay.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\midimap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mgmtapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MFWMAAEC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfvdsp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfreadwrite.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfpmp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MFPlay.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfplat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfmjpegdec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfh264enc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mferror.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfdvdec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfds.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfcsubs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfcm100u.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfcm100.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc42u.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc42.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc40u.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100u.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100rus.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100kor.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100jpn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100ita.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100fra.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100esn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100enu.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100deu.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100cht.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100chs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfAACEnc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mf3216.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mdminst.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mctres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mciwave.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mciseq.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mciqtz32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mcicda.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mciavi32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MCEWMDRMNDBootstrap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mcbuilder.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mapisvc.inf:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mapistub.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mapi32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\makecab.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\main.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Magnify.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Magnification.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\lz32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\lusrmgr.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\luainstall.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\lsmproxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\lpk.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\logoncli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\logman.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\loghours.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\logagent.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\lodctr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\locationnotificationsview.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\LocationNotifications.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\LocationApi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\localsec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\locale.nls:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\loadperf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\linkinfo.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\licmgr10.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\license.rtf:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\lcptr.tbl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\lcphrase.tbl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\LAPRXY.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\label.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\l3codecp.acm:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\l3codeca.acm:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\L2SecHC.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\l2nacp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\l2gpstore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\l_intl.nls:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ktmw32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ktmutil.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ksxbar.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Kswdmcap.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ksuser.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kstvtune.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ksproxy.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\korwbrkr.lex:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\korwbrkr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\korean.uce:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kmddsp.tsp:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\keymgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\keyiso.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KernelBase.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kernel32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kerberos.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kdbsdk32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDYCL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDYCC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDYBA.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDYAK.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDWOL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDVNTC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUZB.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUSX.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUSR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUSL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUSA.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUS.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDURDU.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUR1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUKX.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUK.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUGHR1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUGHR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTURME.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTUQ.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTUF.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTIPRC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTH3.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTH2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTH1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTH0.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTAT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTAJIK.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSYR2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSYR1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSW09.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSW.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSP.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSORST.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSORS1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSOREX.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSN1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSMSNO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSMSFI.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSL1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSG.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSF.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDRU1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDRU.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDROST.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDROPR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDRO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDPO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDPL1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDPL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDPASH.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDNSO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDNO1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDNO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDNEPR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdnecnt.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdnecat.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdnec95.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdnec.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDNE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDMONMO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDMON.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDMLT48.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDMLT47.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDMAORI.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDMACST.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDMAC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDLV1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDLV.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDLT2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDLT1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDLT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdlk41a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDLAO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDLA.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDKYR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDKOR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDKHMR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDKAZ.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDJPN.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDIULAT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDIT142.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDIT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDIR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINUK2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINTEL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINTAM.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINPUN.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINORI.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINMAR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINMAL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINKAN.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINHIN.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINGUJ.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINDEV.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINBEN.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINBE2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINBE1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINASA.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDIC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDIBO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdibm02.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHU1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHU.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHEPT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHELA3.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHELA2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHEB.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHE319.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHE220.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHAU.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDGRLND.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDGR1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDGR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDGKL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdgeoqw.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdgeoer.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDGEO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDGAE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDFR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDFO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDFI1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDFI.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDFC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDFA.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDEST.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDES.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDDV.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDDIV2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDDIV1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDDA.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDCZ2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDCZ1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDCZ.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDCR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDCAN.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDCA.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBULG.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBU.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBLR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBHC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBGPH1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBGPH.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBENE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBASH.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDAZEL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDAZE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdax2.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDARMW.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDARME.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDAL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDA3.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDA2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDA1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbd106n.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbd106.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbd103.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbd101c.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbd101b.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbd101a.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbd101.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kanji_2.uce:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kanji_1.uce:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\jsproxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\jscript9.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\jscript.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\joy.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iyuv_32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ivfsrc.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\itss.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\itircl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\isoburn.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iscsiwmi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iscsium.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iscsied.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iscsidsc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iscsicpl.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iscsicpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iscsicli.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\irprops.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\irclass.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ir50_qcx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ir50_qc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ir50_32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ir41_qcx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ir41_qc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ir41_32.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ir32_32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ipsmsnap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ipsecsnp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iprtrmgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iprtprio.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iprop.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\IPHLPAPI.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ipconfig.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\IPBusEnumProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iologmsg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\intl.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\instnm.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\inseng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\input.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\InkEd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\infocardcpl.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\infocardapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\InfDefaultInstall.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\INETRES.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\inetmib1.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\inetcpl.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\inetcomm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imm32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imkr80.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\IMJP10K.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\IMJP10.IME:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imgutil.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imapi2fs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imapi2.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imagesp1.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imageres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imagehlp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imaadp32.acm:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\igkrng500.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\igfcg500m.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\igfcg500.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\igdumd32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\igd10umd32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\igcompkrng500.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ifsutilx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ifsutil.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ifmon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iexpress.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieUnatt.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieuinit.inf:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iesysprep.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iesetup.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iertutil.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iernonce.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iepeers.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieframe.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iedkcs32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieapfltr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieapfltr.dat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieakui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieaksie.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieakeng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\IEAdvpack.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ie4uinit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\IDStore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\idndl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ideograf.uce:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icsunattend.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icsigd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icrav03.rat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\IconCodecService.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icmui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icmp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icm32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iccvid.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icardres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icardie.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icardagt.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icacls.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iassvcs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iassdo.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iassam.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iasrecst.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iasrad.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iaspolcy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iasnap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\IasMigPlugin.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iashlpr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iasdatastore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iasads.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iasacct.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ias.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iac25_32.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\htui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\httpapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\html.iec:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\HOSTNAME.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hnetmon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hnetcfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hlp95en.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hlink.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hidserv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hidphone.tsp:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hid.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hhsetup.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hhctrl.ocx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hh.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hgcpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\HelpPaneProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\help.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hdwwiz.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hdwwiz.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hcproviders.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hbaapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\grpconv.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\grb.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gpupdate.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gptext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gpresult.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gpprnext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gpedit.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gpapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\glu32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\glmf32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\getuname.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\getmac.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gdi32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gcdef.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gb2312.uce:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\GameUXLegacyGDFs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gameux.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\g711codc.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FXSXP32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FXSRESM.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FXSEXT32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FXSCOMEX.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FXSCOM.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FXSAPI.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FwRemoteSvr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FWPUCLNT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fwcfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fundisc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ftp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fthsvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fsutil.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fsmgmt.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\framedynos.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\framedyn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fphc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\format.com:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\forfiles.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fontview.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fontsub.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fontext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fms.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fmifs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FM20ENU.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FM20DEU.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FM20.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fltMC.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fltLib.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FlashPlayerCPLApp.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FlashPlayerApp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fixmapi.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FirewallControlPanel.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FirewallAPI.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Firewall.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\finger.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\findstr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\findnetprinters.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\find.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\filemgmt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\feclient.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdWSD.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdWNet.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdWCN.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdSSDP.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdPnp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdeploy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fde.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdBthProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdBth.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Faultrep.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\f3ahvoas.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\extrac32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\expsrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ExplorerFrame.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\explorer.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\expand.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\evr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eventvwr.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eventvwr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\EventViewer_EventDetails.xsl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eventcreate.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eventcls.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eudcedit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\esrb.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\esentutl.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\esentprf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\esent.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\es.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eqossnap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\EncDec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\encapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\elsTrans.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\elslad.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ELSCore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\els.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\EhStorShell.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\EhStorPwdMgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\EhStorAuthn.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\EhStorAPI.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\efsutil.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\efsui.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\efscore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\efsadu.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\EAPQEC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eappprxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eapphost.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eappgnui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eappcfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eapp3hst.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dxva2.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dxtrans.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dxtmsft.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DxpTaskSync.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DXPTaskRingtone.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dxgi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dxdiagn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dxdiag.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DWWIN.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DWrite.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dwmcore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dwmapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dvdupgrd.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dvdplay.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\duser.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dui70.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dtsh.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dswave.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dsuiext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dssenh.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dssec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dssec.dat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dsrole.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dsquery.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dsprop.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dsound.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dskquoui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dskquota.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DShowRdpFilter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dsdmo.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dsauth.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ds32gt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drvstore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drvinst.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drttransport.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drtprov.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drprov.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drmv2clt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drmmgrtn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drivers\wimmount.sys:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drivers\gmreadme.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drivers\gm.dls:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drivers\DKbFltr.sys:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\driverquery.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpwsockx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpnsvr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpnlobby.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpnhupnp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpnhpast.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpnet.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpnathlp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpnaddr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpmodemx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dplayx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dplaysvr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DpiScaling.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpapiprovider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpapimig.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dot3ui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dot3msm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dot3hc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dot3gpui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dot3gpclnt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dot3dlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dot3cfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dot3api.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\doskey.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\docprop.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dnscmmc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dnscacheugc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dnsapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmview.ocx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmvdsitf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmutil.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmusic.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmsynth.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmstyle.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmscript.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmrc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmocx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmloader.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmintf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmime.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmdskres2.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmdskres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmdskmgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmdlgs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmcompos.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmband.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dllhst3g.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dllhost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DisplaySwitch.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Display.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dispex.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Dism.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\diskraid.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\diskperf.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\diskpart.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\diskmgmt.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\diskcopy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\diskcopy.com:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\diskcomp.com:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dinput8.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dinput.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dimsroam.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dimsjob.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\difxapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\diantz.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dialer.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dhcpsapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DHCPQEC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dhcpcsvc6.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dhcpcsvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dhcpcore6.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dhcpcore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dhcpcmonitor.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DfsShlEx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dfshim.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dfscli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dfrgui.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\devrtl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\devobj.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\devmgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\devmgmt.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DeviceUxRes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DeviceProperties.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DevicePairingWizard.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DevicePairingProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DevicePairingHandler.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DevicePairingFolder.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DevicePairing.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DeviceMetadataParsers.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DeviceDisplayStatusManager.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DeviceCenter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\devenum.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\deskperf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\deskmon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\deskadp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\desk.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\defaultlocationcpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ddrawex.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ddraw.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DDORes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DDOIProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ddodiag.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DDACLSys.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dcomcnfg.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dciman32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dccw.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dbnmpntw.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dbnetlib.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dbghelp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dbgeng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\davhlpr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\davclnt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dataclen.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3dxof.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3dx9_32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3dx9_27.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3dramp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3dim700.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3dim.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d9.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d8thk.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d8.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d11.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d10warp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d10level9.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d10core.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d10_1core.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d10_1.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d10.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d2d1.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cttunesvr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cttune.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ctl3d32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ctfmon.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\CSVer.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\csrr.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cscript.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cscdll.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cscapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptxml.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptsvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptsp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptnet.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptdll.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptdlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptbase.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\crypt32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\crtdll.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\credwiz.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\credui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\credssp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\CPFilters.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\convert.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\control.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\console.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\connect.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comuid.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comsvcs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comsnap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comrepl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ComputerDefaults.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\compstui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\compobj.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\compmgmt.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\compact.exe:coranti

holzdan 07.10.2012 10:53
otl.txt part 4

Code:
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comexp.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comdlg32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comctl32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comcat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\colorui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\colorcpl.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\COLORCNV.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\colbact.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cnvfat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cngprovider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cngaudit.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmutil.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmstplua.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmstp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmpbk32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmmon32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmlua.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmipnpinstall.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmifw.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmicryptinstall.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmdl32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmdkey.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmdial32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmd.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmcfg32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\clusapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\clip.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cliconfg.rll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cliconfg.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cliconfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\clfsw32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cleanmgr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\clbcatq.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\clb.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cipher.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cintlgnt.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cic.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\CHxReadingStringIME.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\chtbrkr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\chsbrkr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\choice.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\chkntfs.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\chkdsk.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\chcp.com:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\charmap.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\chajei.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cfgmgr32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cfgbkend.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cewmdm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\certutil.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\certreq.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\CertPolEng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\certmgr.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\certmgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\CertEnrollUI.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\CertEnrollCtrl.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\CertEnroll.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\certenc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\certCredProvider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\certcli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cero.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cdosys.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\CCCInstall_201203111630271511.log:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cca.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\catsrvut.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\catsrvps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\catsrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\capisp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\capiprovider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\capicom.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\calc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cacls.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cabview.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cabinet.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_ISCII.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_IS2022.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_G18030.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_950.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_949.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_936.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_932.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_875.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_874.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_870.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_869.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_866.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_865.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_864.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_863.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_862.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_861.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_860.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_858.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_857.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_855.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_852.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_850.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_775.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_737.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_720.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_708.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_500.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_437.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28605.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\c_28603.nls:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28599.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28598.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28597.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28596.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28595.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28594.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28593.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28592.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28591.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_21866.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_21027.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_21025.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20949.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20936.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20932.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20924.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20905.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20880.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20871.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20866.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20838.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20833.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20424.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20423.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20420.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20297.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20290.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20285.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20284.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20280.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20278.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20277.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20273.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20269.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20261.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20127.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20108.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20107.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20106.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20105.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20005.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20004.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20003.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20002.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20001.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20000.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1361.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1258.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1257.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1256.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1255.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1254.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1253.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1252.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1251.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1250.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1149.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1148.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1147.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1146.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1145.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1144.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1143.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1142.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1141.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1140.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1047.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1026.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10082.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10081.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10079.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10029.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10021.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10017.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10010.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10008.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10007.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10006.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10005.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10004.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10003.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10002.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10001.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10000.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_037.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\BWUnpairElevated.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\BWContextHandler.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Bubbles.scr:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\btpanui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bthudtask.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bthprops.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\browseui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\browcli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bopomofo.uce:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\BOOTVID.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bootcfg.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\boot.sdi:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\blackbox.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bitsprx6.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bitsprx5.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bitsprx4.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bitsprx3.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bitsprx2.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bitsperf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bitsadmin.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\BioCredProv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bidispl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bdaplgin.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bcryptprimitives.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bcrypt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\batmeter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\basecsp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AzSqlExt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\azroleui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\azroles.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\azman.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\avrt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\avifil32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\avicap32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AuxiliaryDisplayCpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AuxiliaryDisplayApi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\autoplay.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\autofmt.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\autoconv.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\autochk.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\authz.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\authui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AuthFWWizFwk.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AuthFWSnapin.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AuthFWGP.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\authfwcfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\auditpol.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AudioSes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AUDIOKSE.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AudioEng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\audiodev.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\attrib.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\atmlib.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\atmfd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\atl100.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\atl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ativvsvl.dat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ativvsva.dat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\atiumdmv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\atipdlxx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\atipblag.dat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AtBroker.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\at.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\asycfilt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\asferror.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ARP.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\apss.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\appwiz.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\appidapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Apphlpdm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\apphelp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\apisetschema.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\apircl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-service-winsvc-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-service-management-l2-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-service-management-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-service-core-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-security-sddl-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-security-lsalookup-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\apilogen.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\apds.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\amxread.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\amstream.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AltTab.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelSwedish.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelSpanish.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelPortugese.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelKorean.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelJapanese.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelGerman.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelFrench.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\aeevts.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\aecache.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\advpack.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\advapi32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\adtschema.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\adsnt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\adsmsext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\adsldpc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\adsldp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\adprovider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\admparse.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AdapterTroubleshooter.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\actxprxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\activeds.tlb:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\activeds.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ActionCenterCPL.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ActionCenter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\acppage.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\aclui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\acledit.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ACCTRES.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\accessibilitycpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\aaclient.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\12520850.cpx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\12520437.cpx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\system.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysNative\drivers\etc\services:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysNative\drivers\etc\protocol:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysNative\drivers\etc\networks:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysNative\drivers\etc\lmhosts.sam:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysNative\drivers\etc\hosts.20121006-162602.backup:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Suyin.reg:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Starter.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\splwow64.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\RtlExUpd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\regedit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Prelaunch.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\PLFSetI.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\PLaunch.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\PidList.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\PatchFul.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\ParseModule_X86.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\ParseModule_X64.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\ODBC.INI:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\notepad.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\NewDeployWinRE.cmd:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\msdfmap.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\MOD01SET75000N0006.enc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\MOD01SET74DE0N0003.XML:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\MOD01SET74DE0N0003.enc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\mib.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\LManager.UNI:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\LaunApp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Image.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\HomePremium.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\HomeBasic.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\hh.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\HelpPane.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\GVUni.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\GridV.UNI:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\fveupdate.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Fonts\GlobalSerif.CompositeFont:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Fonts\GlobalMonospace.CompositeFont:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Factory.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\explorer.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\epplauncher.mif:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\EB6BE8A5-11AE-4e2b-8B6E-974168C301C8.DSI:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\CSUP.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\ChangeLang_Done.tag:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Capsule.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\bootstat.dat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\bfsvc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\agrsmdel.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\agrdel64.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Acer Crystal Eye webcam.ico:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Acer Crystal Eye webcam.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\0:coranti
@Alternate Data Stream - 52 bytes -> C:\vcredist.bmp:coranti
@Alternate Data Stream - 52 bytes -> C:\VC_RED.MSI:coranti
@Alternate Data Stream - 52 bytes -> C:\VC_RED.cab:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\Public\Documents\NTILiveUpdate.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\Public\Documents\NTIBUN5.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\Public\Documents\desktop.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\SecurityKISSTunnel.config:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\ntuser.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\Documents\desktop.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\Desktop\END Strom.PDF:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\AppData\Local\GDIPFONTCACHEV1.DAT:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\AppData\Local\fusioncache.dat:coranti
@Alternate Data Stream - 52 bytes -> C:\user.js:coranti
@Alternate Data Stream - 52 bytes -> C:\RHDSetup.log:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\PS.log:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\FullRemove.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\ArcadeDeluxe3.log:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\1331426446.4376.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\1331426446.3724.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\1331426446.3708.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\1331426446.2708.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\1331420176.bdinstall.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\Program Files\desktop.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Program Files (x86)\Steam\Steam.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Program Files (x86)\desktop.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Program Files (x86)\Common Files\Acer GameZone online.ico:coranti
@Alternate Data Stream - 52 bytes -> C:\Preload.rev:coranti
@Alternate Data Stream - 52 bytes -> C:\Patch.rev:coranti
@Alternate Data Stream - 52 bytes -> C:\mcdbp.log:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.3082.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.2052.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.1049.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.1042.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.1041.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.1040.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.1036.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.1033.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.1031.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.1028.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\install.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\globdata.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.3082.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.2052.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.1049.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.1042.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.1041.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.1040.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.1036.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.1033.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.1031.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.1028.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\BOOTSECT.BAK:coranti
@Alternate Data Stream - 52 bytes -> C:\bootmgr:coranti
@Alternate Data Stream - 52 bytes -> C:\bdlog.txt:coranti
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:F297470E
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
koennte vielleicht jemand bitte einen Blick drueber werfen wenn es sich ausgeht

cosinus 07.10.2012 18:57
Zitat:
Habe die Logs der Virenscans leider nicht gespeichert.
Malwarebytes speichert alle Logs im Reiter Logdateien

holzdan 07.10.2012 21:02
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.04.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
aaa :: AAA-PC [Administrator]

07.10.2012 11:37:07
mbam-log-2012-10-07 (11-37-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 345652
Laufzeit: 35 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus 07.10.2012 21:11
Sind das alle Logs von Malwarebytes?

holzdan 07.10.2012 21:19
Es sind mehrere aber alle mit dem selben inhalt

cosinus 07.10.2012 21:26
Verschiedene Logs mit demselben Inhalt? :pfeiff: :lach:
Wie auch immer: es wurde nichts und niemals was gefunden?

holzdan 07.10.2012 21:29
mit malwarebytes nicht.
klar hatte ich mal irgendwann was drauf aber das ist schon lange her und kann mich nicht mehr an di malware erinnern , auch nicht welches av ich damals benutzte... ich wechsele staendig av programme und probier wieder andere aus. Habe Malwarebytes uebrigens erst vor einigen Tagen installiert

cosinus 07.10.2012 21:42
Zitat:
klar hatte ich mal irgendwann was drauf
Bitte nicht zu genau posten, wir könnte sonst wissen was gefunden wurde

holzdan 08.10.2012 11:34
habe windows nun bereits um die 2 Jahre installiert und noch nie formatiert...
daher kann ich mich nicht mehr genau erinnern was damals gefunden wurde , ich erinnere mich nur noch daran dass mal etwas gefunden wurde aber das ist ja eher die Regel als die Ausnahme...

cosinus 08.10.2012 13:13
Weiß du denn welcher Scanner was gefunden hat? Wenn ja ist vllt noch das Log da?

holzdan 08.10.2012 17:54
nein kann mich wirklich nicht mehr daran erinnern.
Habe auch die Verzeichnisse nach eventuellen Logs untersucht.
Leider nix zu finden , sorry


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:50 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55