| |
| |||||||
Log-Analyse und Auswertung: SweetPacks IM , Yourfile DownloaderWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
07.10.2012, 00:38
| #1 |
 |  SweetPacks IM , Yourfile Downloader Hallo. Da mir die Lizenz fuer meine Internet Security Suite verfallen ist war ich nun eine Zeit lang ohne Schutz im Netz unterwegs.Da hat es nicht lange gedauert und ich hatte schon verschiedene toolbars wie babylon , pc beschleunigen tool usw auf der Platte.Auch Sweet Packs IM und yourfile downloader obwohl ich mich nicht erinnern konnte sowas je installiert zu haben.Habe nun Sweet Packs und yourfile downloader , babylon deinstalliert doch ich werde einfach das Gefuehl nicht los dass noch irgendwas übrig ist da mein System wirklich ungalublich langsam läuft seitdem mir diese "Tools" aufgefallen sind.Habe auch mein System wieder ein wenig aufgeräumt mit tune up utilities und cc cleaner was normalerweise den Pc immer wieder etwas flotter macht , diesmal nicht. Habe meinen Pc auch schon mit Malwarebytes , Eset und einigen anderen Scannern getestet jedoch wurde nix gefunden. Daher wollte ich meinen OLT - Log hier posten und hoffe mir kann jemand damit weiterhelfen und vielleicht eine Infektion erkennen. |
|
07.10.2012, 09:13
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | SweetPacks IM , Yourfile Downloader Trotzdem bitte alle Logs von Malwarebytes und ESET posten
__________________Die Logs enthalten ein paar mehr Infos als nur Fund oder kein Fund. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
07.10.2012, 10:28
| #3 |
| | SweetPacks IM , Yourfile Downloader Habe die Logs der Virenscans leider nicht gespeichert.
__________________Werde sie daher nochmal laufen lassen.Hier inzwischen meine otl.txt otl.txt part 1 Code:
ATTFilter OTL logfile created on: 07.10.2012 11:14:15 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\aaa\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 67,95% Memory free 7,73 Gb Paging File | 6,46 Gb Available in Paging File | 83,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 463,16 Gb Total Space | 379,91 Gb Free Space | 82,02% Space Free | Partition Type: NTFS Computer Name: AAA-PC | User Name: aaa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.07 01:21:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aaa\Desktop\OTL.exe PRC - [2012.09.20 05:38:56 | 000,175,496 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe PRC - [2012.08.06 13:44:16 | 000,642,216 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.01.27 09:47:20 | 000,828,944 | ---- | M] (GlavSoft LLC.) -- C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe PRC - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe PRC - [2009.07.10 03:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe PRC - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2012.07.28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.10.06 19:20:37 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.09.20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe -- (SBAMSvc) SRV - [2012.09.20 05:38:56 | 000,175,496 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc) SRV - [2012.08.30 13:23:28 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService) SRV - [2012.08.28 17:52:44 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.08.23 10:17:28 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe -- (CLPSLauncher) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2012.01.27 09:47:20 | 000,828,944 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe -- (tvnserver) SRV - [2010.07.08 14:18:29 | 000,333,264 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\3DataManager\WTGService.exe -- (WTGService) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.03 16:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agr64svc.exe -- (AgereModemAudio) SRV - [2009.11.02 13:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.09.30 15:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.09.25 01:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.09.11 07:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.07.10 03:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) [Disabled | Stopped] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.01 18:31:53 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.09.20 05:11:58 | 000,086,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis) DRV:64bit: - [2012.09.12 20:19:38 | 000,082,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs) DRV:64bit: - [2012.08.30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.08.03 10:23:28 | 000,035,064 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\CFRMD.sys -- (CFRMD) DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.07.28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.04.13 20:12:13 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2012.04.13 20:12:13 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2012.04.13 20:12:13 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2012.04.13 20:12:13 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.21 16:44:30 | 002,793,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.10.17 16:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.07.01 05:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.02.27 08:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.12.03 17:07:04 | 001,224,192 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.09.18 06:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.08.06 14:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2009.07.23 00:06:26 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.25 04:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 05:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 05:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 05:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360312d206l04c8z135t64n1c413 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={27A42084-C696-11E1-ACC2-0017C4F1B1FE} IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360312d206l04c8z135t64n1c413 IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&babsrc=SP_ss&mntrId=d65cf95f0000000000000017c4f1b1fe IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT474 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={224E4F9B-E9F3-4617-9BC5-9CE19CA4FA5F}&mid=59da8dcef8ac47d08f78d15e8215580d-2e33c930fa5d3169a9ea342d66355adcb0b86bd8&lang=de&ds=cv011&pr=sa&d=2012-07-05 13:39:36&v=12.2.5.32&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.06 17:15:11 | 000,000,000 | ---D | M] O1 HOSTS File: ([2012.10.06 16:26:02 | 000,444,411 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15262 more lines... O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe (GFI Software) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe (GlavSoft LLC.) O4 - HKCU..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found O4 - Startup: C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Proxomitron.exe - Verknüpfung.lnk = C:\Users\aaa\Desktop\PROXOMITRON\Proxomitron.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04DDC8C3-4207-4A03-847A-5F0D098AC1F3}: NameServer = 8.26.56.26,156.154.70.22 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{908D8B77-90CF-4CB0-84F4-67EF8DA6CDD4}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{908D8B77-90CF-4CB0-84F4-67EF8DA6CDD4}: NameServer = 8.26.56.26,156.154.70.22 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/html - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/html - No CLSID value found O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{70624967-858a-11e1-a36c-0017c4f1b1fe}\Shell - "" = AutoRun O33 - MountPoints2\{70624967-858a-11e1-a36c-0017c4f1b1fe}\Shell\AutoRun\command - "" = E:\.\Autorun.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.07 11:12:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMODO [2012.10.07 11:12:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Comodo [2012.10.07 11:12:07 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012.10.07 11:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA [2012.10.07 11:09:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO [2012.10.07 01:21:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\aaa\Desktop\OTL.exe [2012.10.07 01:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.10.07 00:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakNow PowerPack 2012 [2012.10.07 00:49:00 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\TweakNow PowerPack 2012 [2012.10.07 00:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TweakNow PowerPack 2012 [2012.10.07 00:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo [2012.10.07 00:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO [2012.10.07 00:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO [2012.10.07 00:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software [2012.10.07 00:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GFI Software [2012.10.07 00:04:24 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe [2012.10.07 00:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations [2012.10.06 23:52:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2012.10.06 23:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.10.06 23:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.10.06 23:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012.10.06 22:53:52 | 000,000,000 | ---D | C] -- C:\AMD [2012.10.06 22:48:11 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Local\Chromium [2012.10.06 22:43:36 | 000,000,000 | ---D | C] -- C:\Users\aaa\Documents\My Games [2012.10.06 21:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid [2012.10.06 21:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid [2012.10.06 21:26:49 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zak McKracken - Between Time & Space [2012.10.06 21:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zak McKracken - Between Time & Space [2012.10.06 21:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zak2 [2012.10.06 21:22:09 | 000,000,000 | ---D | C] -- C:\Users\aaa\Desktop\zak [2012.10.06 21:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios [2012.10.06 21:14:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios [2012.10.06 21:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios [2012.10.06 20:00:52 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA% [2012.10.06 19:28:34 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2012.10.06 19:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera [2012.10.06 16:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.10.06 16:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.10.06 15:28:17 | 000,000,000 | -H-D | C] -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disabled Startup Items [2012.10.06 15:28:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disabled Startup Items [2012.10.06 15:28:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo [2012.10.06 15:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Greatis [2012.10.06 15:16:09 | 000,039,184 | ---- | C] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe [2012.10.06 15:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun [2012.10.06 15:11:49 | 000,000,000 | ---D | C] -- C:\Users\aaa\Documents\RegRun2 [2012.10.06 12:20:58 | 000,000,000 | ---D | C] -- C:\Users\aaa\Desktop\Bücher-links [2012.10.06 02:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Coranti [2012.10.06 02:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Coranti [2012.10.06 02:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GFI Software [2012.10.06 02:16:35 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\GFI Software [2012.10.06 01:44:52 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Local\Sophos [2012.10.06 01:25:13 | 000,000,000 | ---D | C] -- C:\Users\aaa\Local Settings [2012.10.06 01:16:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos [2012.10.06 01:00:50 | 000,000,000 | ---D | C] -- C:\escw_100_sa [2012.10.06 00:57:47 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Local\Symantec [2012.10.06 00:55:23 | 000,287,152 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\SymVPN.dll [2012.10.06 00:55:23 | 000,058,288 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\snacnp.dll [2012.10.05 23:52:02 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys [2012.10.05 23:52:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2012.10.05 23:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2012.10.05 23:51:28 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\TestApp [2012.10.05 23:27:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.10.05 22:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information [2012.10.05 21:41:00 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade [2012.10.05 21:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade [2012.10.05 21:40:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy Arcade [2012.10.05 21:40:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Monolith Productions [2012.10.05 21:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra [2012.10.05 20:30:20 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Netdevil [2012.10.05 20:06:36 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Local\GameSpy [2012.10.05 20:06:27 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Local\ApplicationHistory [2012.10.05 20:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy [2012.10.05 20:06:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy [2012.10.05 20:05:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP [2012.10.05 20:04:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGEIA [2012.10.05 20:03:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA [2012.10.05 20:03:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2012.10.05 20:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012.10.05 20:03:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Netdevil [2012.10.05 15:34:02 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tennis Elbow 2011 [2012.10.05 15:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tennis Elbow 2011 [2012.10.05 15:34:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tennis Elbow 2011 [2012.10.01 18:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts [2012.10.01 18:34:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LucasArts [2012.10.01 18:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro [2012.10.01 18:31:53 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012.10.01 18:31:49 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\DAEMON Tools Pro [2012.10.01 18:31:43 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\OpenCandy [2012.10.01 18:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro [2012.10.01 18:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro [2012.09.20 05:40:04 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysWow64\sbbd.exe [2012.09.20 05:11:58 | 000,086,816 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbwtis.sys [2012.09.12 20:19:42 | 000,634,560 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\SysWow64\XceedZip.dll [2012.09.12 20:19:38 | 000,082,872 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbapifs.sys [2009.11.05 05:33:04 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.07 11:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.07 11:17:10 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.07 11:17:10 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.07 11:12:19 | 000,002,051 | ---- | M] () -- C:\Users\Public\Desktop\AntiError.lnk [2012.10.07 11:12:19 | 000,002,047 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2012.10.07 11:12:19 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk [2012.10.07 11:09:30 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.07 11:08:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.07 10:40:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.07 01:39:54 | 000,000,000 | ---- | M] () -- C:\Users\aaa\defogger_reenable [2012.10.07 01:22:06 | 000,050,477 | ---- | M] () -- C:\Users\aaa\Desktop\Defogger.exe [2012.10.07 01:21:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aaa\Desktop\OTL.exe [2012.10.07 00:49:08 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\TweakNow PowerPack 2012.lnk [2012.10.07 00:37:17 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk [2012.10.07 00:04:28 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\VIPRE.lnk [2012.10.06 23:45:46 | 000,007,669 | ---- | M] () -- C:\Users\aaa\AppData\Local\Resmon.ResmonCfg [2012.10.06 23:22:32 | 000,001,110 | ---- | M] () -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Proxomitron.exe - Verknüpfung.lnk [2012.10.06 23:17:42 | 000,000,372 | ---- | M] () -- C:\Windows\ODBC.INI [2012.10.06 22:36:54 | 003,629,231 | ---- | M] () -- C:\Program Files (x86)\YourFileDownloader.rar [2012.10.06 21:26:50 | 000,000,959 | ---- | M] () -- C:\Users\aaa\Desktop\Zak McKracken - BTAS.lnk [2012.10.06 21:14:57 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk [2012.10.06 21:14:57 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk [2012.10.06 19:28:34 | 000,000,219 | ---- | M] () -- C:\Users\aaa\Desktop\Counter-Strike Source.url [2012.10.06 19:08:02 | 000,001,837 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2012.10.06 16:46:41 | 000,005,104 | ---- | M] () -- C:\Windows\wininit.ini [2012.10.06 16:26:02 | 000,444,411 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.10.06 15:28:21 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat [2012.10.06 15:28:21 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT [2012.10.06 15:28:21 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT [2012.10.06 15:16:09 | 000,039,184 | ---- | M] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe [2012.10.06 00:55:23 | 000,287,152 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\SymVPN.dll [2012.10.06 00:55:23 | 000,058,288 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\snacnp.dll [2012.10.05 23:52:24 | 001,997,385 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB [2012.10.05 20:41:19 | 000,362,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.10.05 20:06:27 | 000,000,091 | ---- | M] () -- C:\Users\aaa\AppData\Local\fusioncache.dat [2012.10.05 20:05:29 | 001,554,122 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.10.05 20:05:29 | 000,664,634 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.05 20:05:29 | 000,624,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.05 20:05:29 | 000,134,770 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.05 20:05:29 | 000,110,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.02 03:00:36 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.10.01 18:33:54 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.01 18:31:53 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012.09.26 16:55:44 | 000,000,162 | ---- | M] () -- C:\Users\aaa\SecurityKISSTunnel.config [2012.09.20 05:40:04 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysWow64\sbbd.exe [2012.09.20 05:40:04 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe [2012.09.20 05:11:58 | 000,086,816 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\sbwtis.sys [2012.09.12 20:19:42 | 000,634,560 | ---- | M] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\SysWow64\XceedZip.dll [2012.09.12 20:19:38 | 000,082,872 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\sbapifs.sys [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.07 11:12:19 | 000,002,051 | ---- | C] () -- C:\Users\Public\Desktop\AntiError.lnk [2012.10.07 11:12:19 | 000,002,047 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2012.10.07 11:12:19 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\GeekBuddy.lnk [2012.10.07 01:39:54 | 000,000,000 | ---- | C] () -- C:\Users\aaa\defogger_reenable [2012.10.07 01:22:06 | 000,050,477 | ---- | C] () -- C:\Users\aaa\Desktop\Defogger.exe [2012.10.07 00:49:08 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\TweakNow PowerPack 2012.lnk [2012.10.07 00:37:17 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk [2012.10.07 00:04:28 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\VIPRE.lnk [2012.10.06 23:45:46 | 000,007,669 | ---- | C] () -- C:\Users\aaa\AppData\Local\Resmon.ResmonCfg [2012.10.06 23:22:32 | 000,001,110 | ---- | C] () -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Proxomitron.exe - Verknüpfung.lnk [2012.10.06 22:36:53 | 003,629,231 | ---- | C] () -- C:\Program Files (x86)\YourFileDownloader.rar [2012.10.06 21:28:52 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.10.06 21:28:52 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax [2012.10.06 21:28:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.10.06 21:26:50 | 000,000,959 | ---- | C] () -- C:\Users\aaa\Desktop\Zak McKracken - BTAS.lnk [2012.10.06 21:14:57 | 000,002,041 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk [2012.10.06 21:14:57 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk [2012.10.06 19:28:34 | 000,000,219 | ---- | C] () -- C:\Users\aaa\Desktop\Counter-Strike Source.url [2012.10.06 19:08:02 | 000,001,849 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2012.10.06 19:08:02 | 000,001,837 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2012.10.06 16:46:33 | 000,005,104 | ---- | C] () -- C:\Windows\wininit.ini [2012.10.06 15:28:02 | 000,057,556 | ---- | C] () -- C:\Windows\guard.bmp [2012.10.06 15:11:51 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat [2012.10.06 15:11:51 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT [2012.10.06 15:11:51 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT [2012.10.05 23:52:08 | 001,997,385 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB [2012.10.05 20:06:27 | 000,000,091 | ---- | C] () -- C:\Users\aaa\AppData\Local\fusioncache.dat [2012.10.05 15:34:10 | 000,921,600 | ---- | C] () -- C:\Windows\SysNative\vorbisenc.dll [2012.10.05 15:34:10 | 000,237,568 | ---- | C] () -- C:\Windows\SysNative\OggDS.dll [2012.10.05 15:34:10 | 000,188,416 | ---- | C] () -- C:\Windows\SysNative\vorbis.dll [2012.10.05 15:34:10 | 000,045,056 | ---- | C] () -- C:\Windows\SysNative\ogg.dll [2012.05.28 12:29:23 | 000,000,162 | ---- | C] () -- C:\Users\aaa\SecurityKISSTunnel.config [2012.03.11 17:44:19 | 001,554,122 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.11 05:13:30 | 000,001,744 | ---- | C] () -- C:\Windows\WPatchProgress.ini [2012.03.11 02:40:53 | 000,026,569 | ---- | C] () -- C:\ProgramData\1331426446.4376.bin [2012.03.11 02:40:48 | 000,008,383 | ---- | C] () -- C:\ProgramData\1331426446.3708.bin [2012.03.11 02:40:47 | 000,006,945 | ---- | C] () -- C:\ProgramData\1331426446.3724.bin [2012.03.11 02:40:46 | 000,054,366 | ---- | C] () -- C:\ProgramData\1331426446.2708.bin [2012.03.11 01:48:28 | 000,000,372 | ---- | C] () -- C:\Windows\ODBC.INI [2012.03.11 01:15:44 | 000,302,835 | ---- | C] () -- C:\ProgramData\1331420176.bdinstall.bin [2012.03.10 21:05:49 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2012.03.10 21:05:49 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2012.03.10 21:05:49 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe [2012.03.10 21:05:49 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini [2012.03.10 20:46:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.02.07 20:35:48 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlibwapi.dll [2012.02.07 20:35:48 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll [2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.04.13 20:47:28 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\3DataManager [2012.03.11 01:03:45 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Bitdefender [2012.03.14 23:51:04 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\BitTorrent [2012.03.24 20:40:48 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Cerberus LLC [2012.10.06 19:09:42 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\DAEMON Tools Pro [2012.03.26 19:10:35 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\foobar2000 [2012.05.01 20:29:42 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\GameHouse [2012.10.06 02:16:35 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\GFI Software [2012.03.24 20:07:29 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\GrabPro [2012.07.05 13:17:39 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\ImgBurn [2012.03.11 16:53:28 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\KC Softwares [2012.10.01 18:31:46 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\OpenCandy [2012.05.11 11:03:43 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\OpenOffice.org [2012.10.06 19:08:11 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Opera [2012.10.05 23:28:13 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Orbit [2012.03.24 20:08:18 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\ProgSense [2012.03.11 01:00:45 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\QuickScan [2012.03.14 22:34:31 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Securepoint Operation Center [2012.10.05 23:51:28 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\TestApp [2012.10.05 23:28:33 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\TuneUp Software [2012.10.07 00:49:03 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\TweakNow PowerPack 2012 [2012.10.06 19:09:42 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\uTorrent [2012.05.02 17:42:17 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\YourFileDownloader Code:
ATTFilter ========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 52 bytes -> C:\Windows\write.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WPatchProgress.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WMSysPr9.prx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WLXPGSS.SCR:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WisPriority.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WisMvImg.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WisLangCode.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WisGAPasx64.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WisGAPas.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winhlp32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WindowsUpdate.log:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WindowsShell.Manifest:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WIN7BASE_XX.TAG:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\win.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\USER.XML:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\USB_VIDEO_REG.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\UNINST32.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\twunk_32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\twunk_16.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\twain_32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\twain.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\tasks\SCHEDLGU.TXT:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\zlibwapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\zlib.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\zipfldr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xwtpw32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xwtpdui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xwreg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xwizards.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xwizard.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xwizard.dtd:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xpssvcs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XPSSHHDR.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xpsservices.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xpsrchvw.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xpsrchvw.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XpsRasterService.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XpsPrint.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XpsGdiConverter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XpsFilt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xolehlp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xmlprovi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xmllite.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xmlfilter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XInput9_1_0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xcopy.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XceedSco.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XceedCry.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wzcdlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wwapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WWanAPI.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wuwebv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wusa.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wups.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wudriver.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wuapp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wuapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wtsapi32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WSTPager.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsock32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsnmp32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WsmWmiPl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WsmTxt.xsl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WsmSvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WsmRes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WsmPty.xsl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsmprovhost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsmplpxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WsmAuto.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WSManMigrationPlugin.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WSManHTTPConfig.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsmanconfig_schema.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WSHTCPIP.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshrm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshqos.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshom.ocx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshirda.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wship6.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshelper.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshcon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshbth.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsecedit.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsdchngr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WSDApi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscui.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscript.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscproxystub.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscmisetup.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscisvif.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscinterop.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ws2help.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ws2_32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\write.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wpdwcn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WPDSp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WPDShServiceObj.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WPDShextAutoplay.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wpdshext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wpcsvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wpcao.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Wpc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wowreg32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wow32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMVXENCD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMVSENCD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMVSDECD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMVENCOD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmvdspa.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMVDECOD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMVCORE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMSPDMOE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMSPDMOD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmsgapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMPhoto.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMNetMgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmiprop.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmidx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmdrmsdk.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmdrmnet.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmdrmdev.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmdmps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmdmlog.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmcodecdspps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMASF.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMADMOE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMADMOD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WlS0WndH.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlgpclnt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Wldap32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlanutil.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlanui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlansec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlanpref.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlanmsm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WlanMM.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlaninst.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlanhlp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlangpui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlanext.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlandlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WLanConn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlancfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlanapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wksprtPS.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wkscli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WISPTIS.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winver.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winusb.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wintrust.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WinSyncProviders.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WinSyncMetastore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WinSync.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winsta.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WINSRPC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winspool.drv:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winsockhc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winshfhc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WinSCard.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WinSATAPI.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winrssrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winrsmgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winrshost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winrscmd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winrs.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winrnr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winrm.vbs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winrm.cmd:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winnsi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winmm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winipsec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wininit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wininet.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winhttp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WinFax.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WindowsCodecsExt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WindowsCodecs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wincredprovider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winbrand.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\winbio.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\win32spl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wimserv.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wimgapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wiavideo.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wiatrace.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wiashext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wiascanprofiles.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WiaExtensionHost64.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wiadss.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wiadefui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wiaaut.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wiaacmgr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\whoami.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\whhelper.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\where.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\whealogr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WfHC.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wfapigp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WF.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wextract.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wevtutil.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wevtfwd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wevtapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\werui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wermgr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WerFaultSecure.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WerFault.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\werdiagcontroller.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wer.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wecutil.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wecapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\webservices.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\webio.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WebClnt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\webcheck.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WEB.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wdscore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wdmaud.drv:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wdigest.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wdi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wdc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WcsPlugInService.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wcnwiz.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WcnEapPeerProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WcnEapAuthProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wcncsvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WcnApi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wbemcomn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wavemsp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\waitfor.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WABSyncProvider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\w32topl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\w32tm.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vsstrace.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vssapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vssadmin.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vss_ps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vpnikeapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\virtdisk.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\VIDRESZR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vidcap.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vfwwdm32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vfpodbc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\version.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\verifier.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\verifier.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\verclsid.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\VEN2232.OLB:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vdsvd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vdsdyn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vdsbas.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vds_ps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vdmdbg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vcomp100.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vbscript.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vbisurf.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\VBICodec.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\VBAME.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vbajet32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\VBAEND32.OLB:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\VBAEN32.OLB:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\VBADE32.OLB:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\vaultcli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Vault.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\VAN.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\uxtheme.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\uxlibres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\uxlib.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\UXInit.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\uudf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Utilman.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\utildll.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\usp10.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\usk.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\userinit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\userenv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\usercpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\UserAccountControlSettings.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\UserAccountControlSettings.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\user32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\user.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\usbui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\usbperf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\usbceip.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\urlmon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\url.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ureg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\upnphost.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\upnpcont.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\upnp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\untfs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\unlodctr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\uniplat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\unimdmat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\unimdm.tsp:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\umdmxfrm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ulib.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\UIRibbonRes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\UIRibbon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\uicom.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\UIAutomationCore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\UIAnimation.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ufat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\uexfat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\udhisapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ucmhc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ubpm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tzutil.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tzres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\typeperf.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\typelib.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\txfw32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\txflog.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\twext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tvratings.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TsWpfWrp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TSWorkspace.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TSTheme.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tspkg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tsmf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tsgqec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TSChannel.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tsbyuv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tree.com:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TRAPI.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\traffic.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TRACERT.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tracerpt.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tquery.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TpmInit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tpmcompc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tpm.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tlscsp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tintlgnt.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\timeout.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TimeDateMUICallback.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\timedate.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ticrf.rat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\thumbcache.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\themeui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\themecpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\thawbrkr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\termmgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\telephon.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tdh.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tdc.ocx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TCPSVCS.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tcpmonui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tcpipcfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tcpbidi.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tcmsetup.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tbs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TaskSchdPS.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\taskschd.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\taskschd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\taskmgr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tasklist.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\taskkill.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\taskeng.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\taskcomp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TapiUnattend.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tapiui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TapiSysprep.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tapisrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tapiperf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\TapiMigPlugin.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tapi32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\tapi3.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\takeown.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\t2embed.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\systray.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SystemPropertiesRemote.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SystemPropertiesProtection.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SystemPropertiesPerformance.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SystemPropertiesHardware.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SystemPropertiesDataExecutionPrevention.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SystemPropertiesComputerName.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SystemPropertiesAdvanced.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\systeminfo.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\systemcpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\syssetup.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sysprtj.sep:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sysprint.sep:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sysmon.ocx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\syskey.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sysdm.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SynTPCOM.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\syncui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SynCtrl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Syncreg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SynCOM.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SyncInfrastructureps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SyncInfrastructure.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SyncHostps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SyncHost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\synceng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SyncCenter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sxstrace.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sxsstore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sxshared.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sxs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sxproxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\svchost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sud.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\subst.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SubRange.uce:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\StructuredQuery.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Storprop.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\StorageContextHandler.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\storage.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\stobject.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sti.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\stdole32.tlb:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\stdole2.tlb:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\stclient.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ssText3d.scr:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SSShim.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sspicli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ssdpapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sscore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\srvcli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\srhelper.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\srdelayed.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\srclient.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\srchadmin.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqmapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqlwoa.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqlwid.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqlunirl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqlsrv32.rll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqlsrv32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqlcese30.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqlceqp30.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sqlceoledb30.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spwizres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spwizimg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spwizeng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spwinsat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sppwmi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sppinst.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sppcommdlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sppcomapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sppcext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sppcc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sppc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spopk.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spnet.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SPInf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spfileq.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\spbcd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SortWindows6Compat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SortServer2003Compat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sort.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\softpub.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\softkbd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\snmpapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SndVolSSO.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SndVol.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SMBHelperClass.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SmartcardCredentialProvider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\slwga.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\slmgr.vbs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\slcext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\slc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sisbkup.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\simpdata.tlb:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\signdrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shwebsvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shutdown.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shunimpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shsvcs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shsetup.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shrpubw.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shpafact.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shlwapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shimgvw.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shimeng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ShiftJIS.uce:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shgina.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shfolder.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shellstyle.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shell32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shdocvw.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\shacct.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SFCOM.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sfc_os.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sfc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sfc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\setx.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\setupugc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\setupSNK.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\setupcln.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\setupapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\setup16.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SetIEInstalledDate.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sethc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SessEnv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\serwvdrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\services.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\serialui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SensorsCpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SensorsApi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SensApi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Sens.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sendmail.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\security.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\secur32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\secproc_ssp_isv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\secproc_ssp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\secproc_isv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\secproc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\secinit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sechost.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SecEdit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SearchProtocolHost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SearchIndexer.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SearchFolder.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SearchFilterHost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sdohlp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sdiagprv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sdiagnhost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sdiageng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sdchange.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sdbinst.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\scrrun.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\scrobj.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\scrnsave.scr:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\scripto.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SCP32.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\scksp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\schtasks.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\schedcli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\schannel.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\scesrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\scecli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SCardDlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\scansetting.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sberes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sbeio.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sbe.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\sas.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\SampleRes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\samlib.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\samcli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\runonce.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RunLegacyCPLElevated.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rundll32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\runas.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rtutils.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rtm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rtffilt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RstrtMgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rshx32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rsaenh.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rrinstaller.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RpcRtRemote.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rpcrt4.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RpcPing.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rpcnsh.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RpcNs4.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RPCNDFP.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rpchttp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RpcDiag.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ROUTE.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Robocopy.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rnr20.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rmoc3260.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RmClient.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RMActivate_ssp_isv.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RMActivate_ssp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RMActivate_isv.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RMActivate.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\riched32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\riched20.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Ribbons.scr:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rgb9rast.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\resutils.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RestartManagerUninstall.mof:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RestartManager.mof:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\resmon.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RESAMPLEDMO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\replace.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rendezvousSession.tlb:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\remotesp.tsp:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\remotepg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\relog.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rekeywiz.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\regsvr32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\regini.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\regedt32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\regedit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RegCtrl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\regapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\reg.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\recover.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ReAgentc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ReAgent.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rdrleakdiag.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rdprefdrvapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rdpencom.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rdpd3d.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rdpcore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rastls.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rastapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasser.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasppp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasplap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasphone.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasmxs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasmontr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RASMM.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasman.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasgcw.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\raserver.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasdlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasdial.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasdiag.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasctrs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasctrnm.h:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\raschap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rascfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasautou.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasapi32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\rasadhlp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\radarrs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\radardt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RacRules.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\racpldlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\RacEngn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qwave.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\QUTIL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\quick.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Query.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\quartz.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\QSVRMGMT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\QSHVHOST.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qmgrprxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qintlgnt.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qedwipes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qedit.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qdvd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qdv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\QCLIPROV.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qcap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\qasf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\QAGENT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pwrshplugin.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\puiobj.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\puiapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pstorsvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pstorec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\psr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\psisrndr.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\psisdecd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PSHED.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pscript.sep:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\psbase.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\psapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\provthrd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\provsvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\proquota.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\propsys.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\profapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\prntvpt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\prnntfy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\prnfldr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\prncache.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\printui.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\printui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\print.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\prflbmsg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\prevhost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PresentationNative_v0300.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PresentationHostProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PresentationHost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\powrprof.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\powercpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\powercfg.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\powercfg.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pots.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PortableDeviceWMDRM.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PortableDeviceWiaCompat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PortableDeviceTypes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PortableDeviceSyncProvider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PortableDeviceStatus.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PortableDeviceConnectApi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PortableDeviceClassExtension.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PortableDeviceApi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\poqexec.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\polstore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pnrpnsp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pnpsetup.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pnidui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pngfilt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pndx5032.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pndx5016.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pncrt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PlaySndSrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pla.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pku2u.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PkgMgr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pintlgnt.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PING.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pifmgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pidgenx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pid.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PhysXLoader.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PhysX.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\photowiz.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PhotoScreensaver.scr:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PhotoMetadataHandler.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\phon.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfts.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PerfStringBackup.INI:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfproc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfos.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfnet.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfmon.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfmon.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfhost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfdisk.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\perfctrs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PerfCenterCpl.ico:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PerfCenterCPL.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pegi-pt.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pegi-fi.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pegibbfc.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pegi.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pdhui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pdh.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pcwum.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pcl.sep:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pcaui.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pcaui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\pautoenr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\PATHPING.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\panmap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\packager.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\p2pnetsh.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\P2PGraph.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\p2pcollab.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\P2P.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\osuninst.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\osk.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\osbaseln.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\OptionalFeatures.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\opengl32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\openfiles.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\OpenCL.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\OpcServices.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\OobeFldr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\OnLineIDCpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\onexui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\onex.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\olethk32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\olesvr32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oleres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\olepro32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oleprn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oledlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\olecli32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oleaut32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oleaccrc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oleacchooks.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oleacc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ole32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ole2nls.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ole2disp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ole2.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ogldrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oflc.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\offfilt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odtext32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odpdx32.dll:coranti
Geändert von holzdan (07.10.2012 um 10:55 Uhr) |
|
07.10.2012, 10:52
| #4 |
| | SweetPacks IM , Yourfile Downloader otl.txt part 3 Code:
ATTFilter @Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odfox32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odexl32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\oddbse32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbctrac.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbcjt32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbcji32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbcint.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbccu32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbccr32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbccp32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbcconf.rsp:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbcconf.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbcconf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbcbcp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbcad32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbc32gt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\odbc32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ocsetup.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ocsetapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\occache.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\objsel.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntvdm64.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntshrui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntprint.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntprint.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntoskrnl.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntmarta.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntlanui2.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntlanman.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntkrnlpa.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntdsapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ntdll.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nslookup.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nsi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nshwfp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nshipsec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nshhttp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\npmproxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\notepad.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\normaliz.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NOISE.THA:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\noise.kor:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\noise.jpn:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NOISE.DAT:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NOISE.CHT:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NOISE.CHS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsModels0011.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0c1a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons081a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0816.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0416.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0414.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons004e.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons004c.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons004b.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons004a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0049.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0047.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0046.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0045.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons003e.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0039.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons002a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0027.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0026.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0024.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0022.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0021.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0020.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons001d.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons001b.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons001a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0019.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0018.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0013.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0011.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0010.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons000f.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons000d.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons000c.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons000a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0009.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0007.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0003.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0002.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsLexicons0001.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Nlsdl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0c1a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData081a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0816.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0416.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0414.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData004e.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData004c.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData004b.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData004a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0049.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0047.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0046.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0045.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData003e.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0039.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData002a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0027.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0026.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0024.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0022.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0021.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0020.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData001d.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData001b.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData001a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0019.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0018.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0013.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0011.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0010.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData000f.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData000d.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData000c.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData000a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0009.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0007.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0003.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0002.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0001.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NlsData0000.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nlsbres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nlmsprep.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nlmgp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nlhtml.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nlaapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\newdev.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\newdev.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\networkmap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\networkitemfactory.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\networkexplorer.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netutils.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NETSTAT.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netshell.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netsh.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netprofm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netprof.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Netplwiz.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netplwiz.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netmsg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netlogon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netjoin.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netiougc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netiohlp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netid.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\neth.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netfxperf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netevent.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netdiagfx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netcorehc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netcfgx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netcenter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netbtugc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netbios.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\netapi32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\net1.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\net.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\negoexts.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ndptsp.tsp:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ndproxystub.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ndishc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ndiscapCfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ndfhcdiscovery.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NdfEventView.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ndfetw.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ndfapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nddeapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ndadmin.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ncsi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ncryptui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ncrypt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ncpa.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ncobjapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\nci.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NcdProp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NaturalLanguage6.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NativeHooks.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NAPSTAT.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NAPMONTR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\napipsec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NapiNSP.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NAPHLPR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\napdsnap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NAPCRYPT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\NAPCLCFG.MSC:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Mystify.scr:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mydocs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mycomput.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MuiUnattend.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\muifontsetup.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mtxoci.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mtxlegih.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mtxex.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mtxdm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mtxclu.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mtstocom.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msyuv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msxml6r.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msxml6.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msxml4r.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msxml4a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msxml3r.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msxml3.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msxbde40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mswstr10.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mswsock.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mswmdm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mswdat10.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MSVidCtl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvidc32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvfw32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcrt40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcrt20.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcrt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcr70.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcr100_clr0400.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcr100.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcp60.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcp100.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvcirt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msvbvm60.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msv1_0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msutb.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mstscax.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mstsc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mstext40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mstask.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msswch.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssvp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MSSTDFMT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssrch.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssprxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssphtb.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssph.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssitlb.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssip32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssign32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msshooks.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msshavmsg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mssha.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msscript.ocx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msscp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msscntrs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msrle32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msrepl40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MsRdpWebAccess.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msrdc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msrd3x40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msrd2x40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msrating.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MsraLegacy.tlb:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msra.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msports.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mspbde40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mspatcha.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mspaint.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msorcl32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msorc32r.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msoert2.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msoeacct.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msobjs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MSNP.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msnetobj.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msmpeg2vdec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MSMPEG2ENC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msmpeg2adec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msltus40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msls31.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msjtes40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msjter40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msjint40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msjetoledb40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msjet40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msisip.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msinfo32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msimtf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msimsg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msimg32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msiltcfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msihnd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msiexec.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msieftp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msidntld.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msidle.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msident.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msidcrl30.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mshtmler.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mshtmled.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mshtml.tlb:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mshtml.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mshta.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msgsm32.acm:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msg711.acm:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msftedit.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msfeedssync.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msfeedsbs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msfeeds.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msexcl40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msexch40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MSDvbNP.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdtcVSp1res.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdtcuiu.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdtcprx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdt.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdrm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdmo.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdelta.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdatsrc.tlb:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdart.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msdadiag.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msctfui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msctfp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MsCtfMonitor.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msctfime.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msctf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mscpxl32.dLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mscpx32r.dLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mscories.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mscorier.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mscoree.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MSCOMCTL.OCX:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mscms.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msclmd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mscat32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mscandui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msaudite.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msasn1.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msafd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msadp32.acm:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msacm32.drv:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msacm32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MSAC3ENC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\msaatext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MRINFO.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mprmsg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mprdim.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mprddm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mprapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mpr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MPG4DECD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mpg2splt.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Mpeg2Data.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MP4SDECD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MP43DECD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MP3DMOD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mountvol.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\moricons.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\more.com:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\modemui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mode.com:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mobsync.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mmsys.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mmres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MMDevAPI.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mmcshext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mmcndmgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mmcico.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mmci.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mmcbase.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mmc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mlang.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mlang.dat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mimefilt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\miguiresource.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\migisol.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MigAutoPlay.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\midimap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mgmtapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MFWMAAEC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfvdsp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfreadwrite.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfpmp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MFPlay.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfplat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfmjpegdec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfh264enc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mferror.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfdvdec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfds.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfcsubs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfcm100u.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfcm100.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc42u.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc42.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc40u.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc40.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100u.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100rus.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100kor.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100jpn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100ita.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100fra.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100esn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100enu.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100deu.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100cht.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100chs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfc100.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mfAACEnc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mf3216.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mdminst.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mctres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mciwave.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mciseq.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mciqtz32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mcicda.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mciavi32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\MCEWMDRMNDBootstrap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mcbuilder.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mapisvc.inf:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mapistub.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\mapi32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\makecab.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\main.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Magnify.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Magnification.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\lz32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\lusrmgr.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\luainstall.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\lsmproxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\lpk.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\logoncli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\logman.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\loghours.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\logagent.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\lodctr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\locationnotificationsview.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\LocationNotifications.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\LocationApi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\localsec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\locale.nls:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\loadperf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\linkinfo.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\licmgr10.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\license.rtf:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\lcptr.tbl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\lcphrase.tbl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\LAPRXY.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\label.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\l3codecp.acm:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\l3codeca.acm:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\L2SecHC.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\l2nacp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\l2gpstore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\l_intl.nls:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ktmw32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ktmutil.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ksxbar.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Kswdmcap.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ksuser.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kstvtune.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ksproxy.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\korwbrkr.lex:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\korwbrkr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\korean.uce:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kmddsp.tsp:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\keymgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\keyiso.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KernelBase.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kernel32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kerberos.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kdbsdk32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDYCL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDYCC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDYBA.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDYAK.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDWOL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDVNTC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUZB.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUSX.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUSR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUSL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUSA.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUS.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDURDU.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUR1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUKX.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUK.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUGHR1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDUGHR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTURME.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTUQ.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTUF.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTIPRC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTH3.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTH2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTH1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTH0.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTAT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDTAJIK.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSYR2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSYR1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSW09.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSW.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSP.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSORST.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSORS1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSOREX.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSN1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSMSNO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSMSFI.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSL1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSG.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDSF.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDRU1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDRU.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDROST.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDROPR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDRO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDPO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDPL1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDPL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDPASH.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDNSO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDNO1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDNO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDNEPR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdnecnt.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdnecat.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdnec95.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdnec.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDNE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDMONMO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDMON.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDMLT48.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDMLT47.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDMAORI.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDMACST.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDMAC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDLV1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDLV.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDLT2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDLT1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDLT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdlk41a.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDLAO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDLA.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDKYR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDKOR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDKHMR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDKAZ.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDJPN.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDIULAT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDIT142.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDIT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDIR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINUK2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINTEL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINTAM.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINPUN.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINORI.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINMAR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINMAL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINKAN.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINHIN.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINGUJ.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINDEV.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINBEN.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINBE2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINBE1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDINASA.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDIC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDIBO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdibm02.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHU1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHU.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHEPT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHELA3.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHELA2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHEB.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHE319.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHE220.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDHAU.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDGRLND.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDGR1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDGR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDGKL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdgeoqw.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdgeoer.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDGEO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDGAE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDFR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDFO.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDFI1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDFI.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDFC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDFA.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDEST.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDES.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDDV.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDDIV2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDDIV1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDDA.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDCZ2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDCZ1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDCZ.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDCR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDCAN.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDCA.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBULG.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBU.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBLR.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBHC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBGPH1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBGPH.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBENE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDBASH.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDAZEL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDAZE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbdax2.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDARMW.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDARME.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDAL.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDA3.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDA2.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\KBDA1.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbd106n.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbd106.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbd103.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbd101c.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbd101b.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbd101a.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kbd101.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kanji_2.uce:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\kanji_1.uce:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\jsproxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\jscript9.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\jscript.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\joy.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iyuv_32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ivfsrc.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\itss.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\itircl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\isoburn.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iscsiwmi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iscsium.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iscsied.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iscsidsc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iscsicpl.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iscsicpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iscsicli.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\irprops.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\irclass.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ir50_qcx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ir50_qc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ir50_32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ir41_qcx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ir41_qc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ir41_32.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ir32_32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ipsmsnap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ipsecsnp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iprtrmgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iprtprio.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iprop.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\IPHLPAPI.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ipconfig.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\IPBusEnumProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iologmsg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\intl.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\instnm.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\inseng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\input.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\InkEd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\infocardcpl.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\infocardapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\InfDefaultInstall.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\INETRES.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\inetmib1.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\inetcpl.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\inetcomm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imm32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imkr80.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\IMJP10K.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\IMJP10.IME:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imgutil.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imapi2fs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imapi2.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imagesp1.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imageres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imagehlp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\imaadp32.acm:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\igkrng500.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\igfcg500m.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\igfcg500.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\igdumd32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\igd10umd32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\igcompkrng500.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ifsutilx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ifsutil.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ifmon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iexpress.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieUnatt.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieuinit.inf:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iesysprep.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iesetup.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iertutil.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iernonce.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iepeers.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieframe.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iedkcs32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieapfltr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieapfltr.dat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieakui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieaksie.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ieakeng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\IEAdvpack.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ie4uinit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\IDStore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\idndl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ideograf.uce:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icsunattend.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icsigd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icrav03.rat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\IconCodecService.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icmui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icmp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icm32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iccvid.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icardres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icardie.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icardagt.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\icacls.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iassvcs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iassdo.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iassam.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iasrecst.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iasrad.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iaspolcy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iasnap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\IasMigPlugin.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iashlpr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iasdatastore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iasads.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iasacct.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ias.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\iac25_32.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\htui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\httpapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\html.iec:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\HOSTNAME.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hnetmon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hnetcfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hlp95en.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hlink.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hidserv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hidphone.tsp:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hid.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hhsetup.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hhctrl.ocx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hh.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hgcpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\HelpPaneProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\help.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hdwwiz.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hdwwiz.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hcproviders.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\hbaapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\grpconv.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\grb.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gpupdate.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gptext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gpresult.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gpprnext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gpedit.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gpapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\glu32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\glmf32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\getuname.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\getmac.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gdi32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gcdef.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gb2312.uce:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\GameUXLegacyGDFs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\gameux.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\g711codc.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FXSXP32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FXSRESM.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FXSEXT32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FXSCOMEX.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FXSCOM.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FXSAPI.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FwRemoteSvr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FWPUCLNT.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fwcfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fundisc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ftp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fthsvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fsutil.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fsmgmt.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\framedynos.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\framedyn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fphc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\format.com:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\forfiles.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fontview.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fontsub.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fontext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fms.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fmifs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FM20ENU.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FM20DEU.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FM20.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fltMC.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fltLib.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FlashPlayerCPLApp.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FlashPlayerApp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fixmapi.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FirewallControlPanel.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\FirewallAPI.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Firewall.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\finger.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\findstr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\findnetprinters.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\find.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\filemgmt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\feclient.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdWSD.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdWNet.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdWCN.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdSSDP.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdPnp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdeploy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fde.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdBthProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fdBth.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\fc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Faultrep.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\f3ahvoas.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\extrac32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\expsrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ExplorerFrame.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\explorer.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\expand.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\evr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eventvwr.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eventvwr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\EventViewer_EventDetails.xsl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eventcreate.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eventcls.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eudcedit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\esrb.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\esentutl.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\esentprf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\esent.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\es.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eqossnap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\EncDec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\encapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\elsTrans.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\elslad.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ELSCore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\els.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\EhStorShell.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\EhStorPwdMgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\EhStorAuthn.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\EhStorAPI.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\efsutil.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\efsui.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\efscore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\efsadu.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\EAPQEC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eappprxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eapphost.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eappgnui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eappcfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\eapp3hst.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dxva2.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dxtrans.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dxtmsft.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DxpTaskSync.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DXPTaskRingtone.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dxgi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dxdiagn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dxdiag.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DWWIN.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DWrite.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dwmcore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dwmapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dvdupgrd.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dvdplay.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\duser.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dui70.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dtsh.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dswave.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dsuiext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dssenh.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dssec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dssec.dat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dsrole.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dsquery.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dsprop.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dsound.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dskquoui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dskquota.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DShowRdpFilter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dsdmo.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dsauth.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ds32gt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drvstore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drvinst.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drttransport.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drtprov.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drprov.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drmv2clt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drmmgrtn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drivers\wimmount.sys:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drivers\gmreadme.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drivers\gm.dls:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\drivers\DKbFltr.sys:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\driverquery.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpwsockx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpnsvr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpnlobby.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpnhupnp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpnhpast.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpnet.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpnathlp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpnaddr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpmodemx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dplayx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dplaysvr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DpiScaling.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpapiprovider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dpapimig.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dot3ui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dot3msm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dot3hc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dot3gpui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dot3gpclnt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dot3dlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dot3cfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dot3api.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\doskey.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\docprop.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dnscmmc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dnscacheugc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dnsapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmview.ocx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmvdsitf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmutil.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmusic.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmsynth.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmstyle.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmscript.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmrc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmocx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmloader.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmintf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmime.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmdskres2.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmdskres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmdskmgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmdlgs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmcompos.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dmband.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dllhst3g.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dllhost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DisplaySwitch.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Display.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dispex.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Dism.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\diskraid.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\diskperf.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\diskpart.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\diskmgmt.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\diskcopy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\diskcopy.com:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\diskcomp.com:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dinput8.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dinput.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dimsroam.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dimsjob.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\difxapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\diantz.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dialer.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dhcpsapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DHCPQEC.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dhcpcsvc6.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dhcpcsvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dhcpcore6.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dhcpcore.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dhcpcmonitor.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DfsShlEx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dfshim.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dfscli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dfrgui.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\devrtl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\devobj.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\devmgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\devmgmt.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DeviceUxRes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DeviceProperties.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DevicePairingWizard.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DevicePairingProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DevicePairingHandler.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DevicePairingFolder.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DevicePairing.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DeviceMetadataParsers.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DeviceDisplayStatusManager.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DeviceCenter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\devenum.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\deskperf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\deskmon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\deskadp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\desk.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\defaultlocationcpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ddrawex.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ddraw.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DDORes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DDOIProxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ddodiag.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\DDACLSys.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dcomcnfg.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dciman32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dccw.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dbnmpntw.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dbnetlib.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dbghelp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dbgeng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\davhlpr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\davclnt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\dataclen.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3dxof.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3dx9_32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3dx9_27.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3dramp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3dim700.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3dim.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d9.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d8thk.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d8.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d11.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d10warp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d10level9.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d10core.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d10_1core.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d10_1.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d3d10.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\d2d1.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cttunesvr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cttune.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ctl3d32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ctfmon.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\CSVer.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\csrr.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cscript.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cscdll.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cscapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptxml.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptsvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptsp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptnet.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptdll.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptdlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cryptbase.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\crypt32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\crtdll.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\credwiz.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\credui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\credssp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\CPFilters.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\convert.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\control.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\console.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\connect.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comuid.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comsvcs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comsnap.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comres.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comrepl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ComputerDefaults.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\compstui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\compobj.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\compmgmt.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\compact.exe:coranti
|
|
07.10.2012, 10:53
| #5 |
| | SweetPacks IM , Yourfile Downloader otl.txt part 4 Code:
ATTFilter @Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comexp.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comdlg32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comctl32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\comcat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\colorui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\colorcpl.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\COLORCNV.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\colbact.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cnvfat.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cngprovider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cngaudit.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmutil.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmstplua.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmstp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmpbk32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmmon32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmlua.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmipnpinstall.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmifw.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmicryptinstall.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmdl32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmdkey.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmdial32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmd.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cmcfg32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\clusapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\clip.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cliconfg.rll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cliconfg.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cliconfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\clfsw32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cleanmgr.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\clbcatq.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\clb.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cipher.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cintlgnt.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cic.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\CHxReadingStringIME.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\chtbrkr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\chsbrkr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\choice.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\chkntfs.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\chkdsk.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\chcp.com:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\charmap.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\chajei.ime:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cfgmgr32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cfgbkend.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cewmdm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\certutil.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\certreq.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\CertPolEng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\certmgr.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\certmgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\CertEnrollUI.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\CertEnrollCtrl.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\CertEnroll.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\certenc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\certCredProvider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\certcli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cero.rs:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cdosys.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\CCCInstall_201203111630271511.log:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cca.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\catsrvut.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\catsrvps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\catsrv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\capisp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\capiprovider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\capicom.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\calc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cacls.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cabview.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\cabinet.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_ISCII.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_IS2022.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_G18030.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_950.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_949.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_936.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_932.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_875.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_874.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_870.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_869.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_866.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_865.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_864.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_863.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_862.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_861.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_860.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_858.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_857.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_855.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_852.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_850.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_775.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_737.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_720.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_708.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_500.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_437.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28605.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\c_28603.nls:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28599.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28598.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28597.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28596.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28595.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28594.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28593.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28592.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_28591.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_21866.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_21027.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_21025.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20949.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20936.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20932.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20924.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20905.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20880.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20871.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20866.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20838.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20833.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20424.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20423.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20420.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20297.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20290.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20285.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20284.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20280.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20278.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20277.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20273.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20269.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20261.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20127.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20108.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20107.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20106.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20105.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20005.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20004.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20003.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20002.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20001.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_20000.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1361.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1258.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1257.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1256.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1255.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1254.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1253.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1252.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1251.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1250.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1149.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1148.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1147.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1146.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1145.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1144.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1143.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1142.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1141.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1140.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1047.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_1026.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10082.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10081.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10079.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10029.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10021.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10017.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10010.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10008.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10007.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10006.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10005.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10004.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10003.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10002.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10001.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_10000.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\C_037.NLS:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\BWUnpairElevated.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\BWContextHandler.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Bubbles.scr:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\btpanui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bthudtask.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bthprops.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\browseui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\browcli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bopomofo.uce:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\BOOTVID.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bootcfg.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\boot.sdi:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\blackbox.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bitsprx6.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bitsprx5.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bitsprx4.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bitsprx3.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bitsprx2.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bitsperf.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bitsadmin.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\BioCredProv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bidispl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bdaplgin.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bcryptprimitives.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\bcrypt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\batmeter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\basecsp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AzSqlExt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\azroleui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\azroles.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\azman.msc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\avrt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\avifil32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\avicap32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AuxiliaryDisplayCpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AuxiliaryDisplayApi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\autoplay.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\autofmt.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\autoconv.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\autochk.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\authz.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\authui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AuthFWWizFwk.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AuthFWSnapin.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AuthFWGP.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\authfwcfg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\auditpol.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AudioSes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AUDIOKSE.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AudioEng.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\audiodev.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\attrib.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\atmlib.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\atmfd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\atl100.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\atl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ativvsvl.dat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ativvsva.dat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\atiumdmv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\atipdlxx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\atipblag.dat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AtBroker.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\at.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\asycfilt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\asferror.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ARP.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\apss.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\appwiz.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\appidapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Apphlpdm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\apphelp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\apisetschema.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\apircl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-service-winsvc-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-service-management-l2-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-service-management-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-service-core-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-security-sddl-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-security-lsalookup-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\apilogen.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\apds.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\amxread.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\amstream.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AltTab.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelSwedish.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelSpanish.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelPortugese.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelKorean.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelJapanese.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelGerman.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AgCPanelFrench.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\aeevts.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\aecache.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\advpack.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\advapi32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\adtschema.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\adsnt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\adsmsext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\adsldpc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\adsldp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\adprovider.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\admparse.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\AdapterTroubleshooter.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\actxprxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\activeds.tlb:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\activeds.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ActionCenterCPL.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ActionCenter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\acppage.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\aclui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\acledit.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ACCTRES.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\accessibilitycpl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\aaclient.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\12520850.cpx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\12520437.cpx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\system.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysNative\drivers\etc\services:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysNative\drivers\etc\protocol:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysNative\drivers\etc\networks:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysNative\drivers\etc\lmhosts.sam:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysNative\drivers\etc\hosts.20121006-162602.backup:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Suyin.reg:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Starter.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\splwow64.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\RtlExUpd.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\regedit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Prelaunch.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\PLFSetI.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\PLaunch.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\PidList.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\PatchFul.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\ParseModule_X86.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\ParseModule_X64.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\ODBC.INI:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\notepad.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\NewDeployWinRE.cmd:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\msdfmap.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\MOD01SET75000N0006.enc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\MOD01SET74DE0N0003.XML:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\MOD01SET74DE0N0003.enc:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\mib.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\LManager.UNI:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\LaunApp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Image.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\HomePremium.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\HomeBasic.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\hh.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\HelpPane.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\GVUni.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\GridV.UNI:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\fveupdate.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Fonts\GlobalSerif.CompositeFont:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Fonts\GlobalMonospace.CompositeFont:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Factory.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\explorer.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\epplauncher.mif:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\EB6BE8A5-11AE-4e2b-8B6E-974168C301C8.DSI:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\CSUP.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\ChangeLang_Done.tag:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Capsule.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\bootstat.dat:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\bfsvc.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\agrsmdel.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\agrdel64.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Acer Crystal Eye webcam.ico:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\Acer Crystal Eye webcam.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\0:coranti
@Alternate Data Stream - 52 bytes -> C:\vcredist.bmp:coranti
@Alternate Data Stream - 52 bytes -> C:\VC_RED.MSI:coranti
@Alternate Data Stream - 52 bytes -> C:\VC_RED.cab:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\Public\Documents\NTILiveUpdate.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\Public\Documents\NTIBUN5.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\Public\Documents\desktop.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\SecurityKISSTunnel.config:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\ntuser.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\Documents\desktop.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\Desktop\END Strom.PDF:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\AppData\Local\GDIPFONTCACHEV1.DAT:coranti
@Alternate Data Stream - 52 bytes -> C:\Users\aaa\AppData\Local\fusioncache.dat:coranti
@Alternate Data Stream - 52 bytes -> C:\user.js:coranti
@Alternate Data Stream - 52 bytes -> C:\RHDSetup.log:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\PS.log:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\FullRemove.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\ArcadeDeluxe3.log:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\1331426446.4376.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\1331426446.3724.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\1331426446.3708.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\1331426446.2708.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\ProgramData\1331420176.bdinstall.bin:coranti
@Alternate Data Stream - 52 bytes -> C:\Program Files\desktop.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Program Files (x86)\Steam\Steam.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Program Files (x86)\desktop.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Program Files (x86)\Common Files\Acer GameZone online.ico:coranti
@Alternate Data Stream - 52 bytes -> C:\Preload.rev:coranti
@Alternate Data Stream - 52 bytes -> C:\Patch.rev:coranti
@Alternate Data Stream - 52 bytes -> C:\mcdbp.log:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.3082.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.2052.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.1049.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.1042.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.1041.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.1040.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.1036.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.1033.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.1031.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.res.1028.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\install.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\install.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\globdata.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.3082.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.2052.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.1049.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.1042.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.1041.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.1040.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.1036.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.1033.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.1031.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\eula.1028.txt:coranti
@Alternate Data Stream - 52 bytes -> C:\BOOTSECT.BAK:coranti
@Alternate Data Stream - 52 bytes -> C:\bootmgr:coranti
@Alternate Data Stream - 52 bytes -> C:\bdlog.txt:coranti
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:F297470E
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >
|
|
07.10.2012, 18:57
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SweetPacks IM , Yourfile DownloaderZitat:
__________________ --> SweetPacks IM , Yourfile Downloader |
|
07.10.2012, 21:02
| #7 |
| | SweetPacks IM , Yourfile DownloaderCode:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.04.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 aaa :: AAA-PC [Administrator] 07.10.2012 11:37:07 mbam-log-2012-10-07 (11-37-07).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 345652 Laufzeit: 35 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
07.10.2012, 21:11
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SweetPacks IM , Yourfile Downloader Sind das alle Logs von Malwarebytes?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
07.10.2012, 21:19
| #9 |
| | SweetPacks IM , Yourfile Downloader Es sind mehrere aber alle mit dem selben inhalt |
|
07.10.2012, 21:26
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SweetPacks IM , Yourfile Downloader Verschiedene Logs mit demselben Inhalt?   Wie auch immer: es wurde nichts und niemals was gefunden?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.10.2012, 21:29
| #11 |
| | SweetPacks IM , Yourfile Downloader mit Malwarebytes nicht. klar hatte ich mal irgendwann was drauf aber das ist schon lange her und kann mich nicht mehr an di malware erinnern , auch nicht welches av ich damals benutzte... ich wechsele staendig av programme und probier wieder andere aus. Habe Malwarebytes uebrigens erst vor einigen Tagen installiert |
|
07.10.2012, 21:42
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SweetPacks IM , Yourfile DownloaderZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.10.2012, 11:34
| #13 |
| | SweetPacks IM , Yourfile Downloader habe windows nun bereits um die 2 Jahre installiert und noch nie formatiert... daher kann ich mich nicht mehr genau erinnern was damals gefunden wurde , ich erinnere mich nur noch daran dass mal etwas gefunden wurde aber das ist ja eher die Regel als die Ausnahme... |
|
08.10.2012, 13:13
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SweetPacks IM , Yourfile Downloader Weiß du denn welcher Scanner was gefunden hat? Wenn ja ist vllt noch das Log da?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.10.2012, 17:54
| #15 |
| | SweetPacks IM , Yourfile Downloader nein kann mich wirklich nicht mehr daran erinnern. Habe auch die Verzeichnisse nach eventuellen Logs untersucht. Leider nix zu finden , sorry |
|
| Themen zu SweetPacks IM , Yourfile Downloader |
| anderen, cc cleaner, cleaner, downloader, einfach, erkennen, eset, infektion, installiert, internet, langsam, lizenz, log, malwarebytes, posten, scan, scanner, schutz, security, suite, sweetpacks, system, tools, tune up, verschiedene, wirklich, übrig, yourfile downloader |
Linear-Darstellung
