| |
| |||||||
Log-Analyse und Auswertung: Spam - Mails mit meinem Absender an mein AdressbuchWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
20.04.2016, 03:28
| #1 |
 |  Spam - Mails mit meinem Absender an mein Adressbuch Hallo, jemand oder etwas hat heute an mein gesamtes Adressbuch plus aller Adressen, die z.B. nur als Kopieempfänger in Mails standen, die ich mal erhalten habe (Adressen, die mich oder die ich selbst nie kontaktiert habe), Spam-/Virus-Mails mit meinem Absender verschickt. Ich hatte allein ca. 40 "Mail delivery failed"-E-Mails in meinem Postfach. Unter "Gesendet" stehen die Mails nicht. Passwort habe ich geändert. Falls es wichtig ist: ich habe ein Kleingewerbe. Es besteht nur aus mir, eine IT-Abteilung habe ich nicht. Comodo hat nichts gemeldet oder gefunden. Tausend Dank für die Hilfe! Kaffee Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016 durchgeführt von Mel (Administrator) auf MELLI (20-04-2016 03:21:03) Gestartet von C:\Users\Mel\Downloads Geladene Profile: Mel & (Verfügbare Profile: Mel) Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (AdTrustMedia) C:\Program Files\AdTrustMedia\PrivDog\3.0.108.0\PrivDogService.exe (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (AdTrustMedia) C:\Program Files (x86)\AdTrustMedia\PrivDog\2.2.0.14\trustedadssvc.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (GoPro) C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\simpress.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.309\McUICnt.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6842000 2012-09-25] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-09-28] (Realtek Semiconductor) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [11229696 2012-09-18] (Dell Inc.) HKLM\...\Run: [DellWPF] => C:\Program Files\Synaptics\SynTP\DellTouchpad.exe [5023984 2015-07-01] () HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-04-13] (COMODO) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [164080 2015-06-30] (IvoSoft) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2796272 2015-07-01] (Synaptics Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2016-02-09] (Apple Inc.) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2016-02-09] (Apple Inc.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH) HKLM-x32\...\Run: [PrivDogService] => C:\Program Files (x86)\AdTrustMedia\PrivDog\2.2.0.14\trustedadssvc.exe [662184 2014-06-17] (AdTrustMedia) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [GoPro Studio Importer] => C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe [3218184 2015-12-07] (GoPro) HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [60688 2016-02-09] (Apple Inc.) HKU\S-1-5-21-3436712697-1915681797-834199881-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135160 2014-01-28] (PC Utilities Software Limited) HKU\S-1-5-21-3436712697-1915681797-834199881-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-28] (Piriform Ltd) HKU\S-1-5-21-3436712697-1915681797-834199881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135160 2014-01-28] (PC Utilities Software Limited) HKU\S-1-5-21-3436712697-1915681797-834199881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-28] (Piriform Ltd) HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [60688 2016-02-09] (Apple Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Keine Datei ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-06-27] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-06-27] (IvoSoft) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-02-28] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-08] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG CHR HKU\S-1-5-21-3436712697-1915681797-834199881-1001\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG CHR HKU\S-1-5-21-3436712697-1915681797-834199881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: 0.0.0.1 mssplus.mcafee.com Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{F4FB4CEC-014F-4D8F-A0FC-3E7B000991F7}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-3436712697-1915681797-834199881-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130892486228506907&GUID=D00FD029-311D-44C6-89EF-5EC74D2BD500 HKU\S-1-5-21-3436712697-1915681797-834199881-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com HKU\S-1-5-21-3436712697-1915681797-834199881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130892486228506907&GUID=D00FD029-311D-44C6-89EF-5EC74D2BD500 HKU\S-1-5-21-3436712697-1915681797-834199881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com SearchScopes: HKU\S-1-5-21-3436712697-1915681797-834199881-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo SearchScopes: HKU\S-1-5-21-3436712697-1915681797-834199881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-06-27] (IvoSoft) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-06-27] (IvoSoft) BHO: Kein Name -> {ea896dda-28ab-40bd-9a59-68fde8d68196} -> Keine Datei BHO: Kein Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Keine Datei BHO: Kein Name -> {F2B34DA5-14AF-8CF9-FF1C-D4EEF61C0313} -> Keine Datei BHO: PrivDog Extension -> {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} -> C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedads.dll [2014-06-17] (AdTrustMedia) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-06-27] (IvoSoft) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-06-27] (IvoSoft) BHO-x32: PrivDog Extension -> {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} -> C:\Program Files (x86)\AdTrustMedia\PrivDog\2.2.0.14\trustedads.dll [2014-06-17] (AdTrustMedia) Toolbar: HKLM - Kein Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Keine Datei Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-06-27] (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-06-27] (IvoSoft) FireFox: ======== FF ProfilePath: C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\s8geii9f.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-09] () FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-09] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-02] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3436712697-1915681797-834199881-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Mel\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-10] (Citrix Online) FF Plugin HKU\S-1-5-21-3436712697-1915681797-834199881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\Mel\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-10] (Citrix Online) FF Extension: ADB Helper - C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\s8geii9f.default\Extensions\adbhelper@mozilla.org [2016-02-13] FF Extension: Valence - C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\s8geii9f.default\Extensions\fxdevtools-adapters@mozilla.org [2016-02-24] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nicht gefunden FF HKU\S-1-5-21-3436712697-1915681797-834199881-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-09-13] [ist nicht signiert] FF HKU\S-1-5-21-3436712697-1915681797-834199881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff Chrome: ======= CHR dev: Chrome dev build erkannt! <======= ACHTUNG CHR Profile: C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Store) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-17] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG CHR Extension: (Google Drive) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-02] CHR Extension: (YouTube) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-02] CHR Extension: (Store) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja [2015-06-06] [UpdateUrl: hxxp://privdog.com/updates/1123/googlechrome/update.xml] <==== ACHTUNG CHR Extension: (Google-Suche) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-17] CHR Extension: (Vichrome) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gghkfhpblkcmlkmpcpgaajbbiikbhpdi [2014-07-02] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG CHR Extension: (Full Screen) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmimocjjppdelmhpcmpkhekmpoddgima [2014-10-28] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG CHR Extension: (Store) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgaofoblihpmholkpioedjelemgjpafl [2014-06-09] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG CHR Extension: (Recycle Bin) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfbchidonfnclempkcojlpijhmoalhi [2014-09-01] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG CHR Extension: (Online 8 Ball Pool Multiplayer) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime [2014-08-03] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG CHR Extension: (Google Wallet) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-17] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG CHR Extension: (Google Mail) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-02] CHR HKU\S-1-5-21-3436712697-1915681797-834199881-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Users\Mel\AppData\Local\AdTrustMedia\PrivDog\PrivDog_chrome.crx [2014-04-23] CHR HKU\S-1-5-21-3436712697-1915681797-834199881-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-03-27] CHR HKU\S-1-5-21-3436712697-1915681797-834199881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Users\Mel\AppData\Local\AdTrustMedia\PrivDog\PrivDog_chrome.crx [2014-04-23] CHR HKU\S-1-5-21-3436712697-1915681797-834199881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-03-27] Opera: ======= OPR Extension: (Adblock Plus) - C:\Users\Mel\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-03-08] StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-11-08] (Apple Inc.) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.) R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2304184 2016-04-08] (Comodo) R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5799552 2016-04-15] (COMODO) R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-04-15] (COMODO) S2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-10-15] (Dell Inc.) R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-04-09] (Dell Inc.) R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-04-09] (Dell Inc.) S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [Datei ist nicht signiert] R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-09-11] (Dell Inc.) R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [Datei ist nicht signiert] R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-04-08] (McAfee, Inc.) R2 Privacy Content Firewall; C:\Program Files\AdTrustMedia\PrivDog\3.0.108.0\PrivDogService.exe [2059392 2015-03-09] (AdTrustMedia) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-09-01] (Realtek Semiconductor) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS) R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-03-21] (Dell Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-08-12] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-08-12] (Microsoft Corporation) R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6334464 2012-09-18] (Dell Inc.) [Datei ist nicht signiert] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R1 admnfd; C:\WINDOWS\system32\Drivers\admnfd.sys [49496 2014-12-04] (Windows (R) Win 7 DDK provider) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6834760 2012-09-13] (Broadcom Corporation) R1 browserMon; C:\Windows\System32\DRIVERS\browserMon.sys [20728 2015-03-09] (Windows (R) Win 7 DDK provider) R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2015-12-30] (Windows (R) Win 7 DDK provider) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [32224 2016-04-06] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [846104 2016-04-06] (COMODO) R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [45600 2016-04-06] (COMODO) R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-13] (Dell Computer Corporation) R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2016-03-21] (Dell Computer Corporation) S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [138560 2016-04-06] (COMODO) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-20] (Malwarebytes) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2015-07-01] (Synaptics Incorporated) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-08-12] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-08-12] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-08-12] (Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-04-20 03:21 - 2016-04-20 03:23 - 00026290 _____ C:\Users\Mel\Downloads\FRST.txt 2016-04-20 03:20 - 2016-04-20 03:21 - 00000000 ____D C:\FRST 2016-04-20 03:18 - 2016-04-20 03:18 - 02375680 _____ (Farbar) C:\Users\Mel\Downloads\FRST64.exe 2016-04-20 03:12 - 2016-04-20 03:13 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-04-20 03:12 - 2016-04-20 03:12 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-04-20 03:12 - 2016-04-20 03:12 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-04-20 03:12 - 2016-04-20 03:12 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-04-20 03:12 - 2016-04-20 03:12 - 00001116 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-04-20 03:12 - 2016-04-20 03:12 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-04-20 03:12 - 2016-04-20 03:12 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-04-20 03:09 - 2016-04-20 03:09 - 01475080 _____ C:\Users\Mel\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe 2016-04-18 02:19 - 2016-04-18 02:19 - 00107206 _____ C:\Users\Mel\Desktop\KfzVersicherung_eVB_1411-0177-3540-59.pdf 2016-04-18 02:11 - 2016-04-18 02:11 - 00236557 _____ C:\Users\Mel\Desktop\Versicherungsbedingungen_ROLAND_Schutzbrief.pdf 2016-04-16 11:24 - 2016-04-16 11:24 - 00000000 ____D C:\ProgramData\Comodo Downloader 2016-04-15 10:29 - 2016-04-15 10:29 - 00200202 _____ C:\Users\Mel\Downloads\BYAFFTD.pdf 2016-04-14 00:57 - 2016-04-14 01:01 - 00027057 _____ C:\Users\Mel\Desktop\Rechnung_Hufschuhe_Reema_Jacima04_16_Korrigiert.pdf 2016-04-13 15:15 - 2016-04-17 22:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-04-13 14:39 - 2016-04-13 03:32 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-04-13 14:39 - 2016-04-13 03:32 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-04-13 03:10 - 2016-04-13 03:10 - 25817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 15415808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 13811712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 02892800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 02285056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-04-13 03:10 - 2016-04-13 03:10 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-04-13 03:10 - 2016-04-13 03:10 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-04-13 03:10 - 2016-04-13 03:10 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2016-04-13 03:10 - 2016-04-13 03:10 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys 2016-04-13 03:10 - 2016-04-13 03:10 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 02609152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 01455104 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe 2016-04-13 03:09 - 2016-04-13 03:09 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 00952928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 00786152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 00698368 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-04-13 03:09 - 2016-04-13 03:09 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2016-04-13 03:09 - 2016-04-13 03:09 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2016-04-13 03:09 - 2016-04-13 03:09 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2016-04-13 03:09 - 2016-04-13 03:09 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-04-13 03:09 - 2016-04-13 03:09 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll 2016-04-13 03:09 - 2016-04-13 03:09 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll 2016-04-13 03:09 - 2016-02-03 17:14 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys 2016-04-13 03:08 - 2016-04-13 03:08 - 22365472 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 14466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 07452512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-04-13 03:08 - 2016-04-13 03:08 - 03120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 02757616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2016-04-13 03:08 - 2016-04-13 03:08 - 02712576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 02592256 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 02412576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2016-04-13 03:08 - 2016-04-13 03:08 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 01673728 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 01663192 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-04-13 03:08 - 2016-04-13 03:08 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe 2016-04-13 03:08 - 2016-04-13 03:08 - 01523216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-04-13 03:08 - 2016-04-13 03:08 - 01490128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-04-13 03:08 - 2016-04-13 03:08 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 01358960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-04-13 03:08 - 2016-04-13 03:08 - 01348096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 01278464 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 01197056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 01133752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2016-04-13 03:08 - 2016-04-13 03:08 - 00955392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL 2016-04-13 03:08 - 2016-04-13 03:08 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe 2016-04-13 03:08 - 2016-04-13 03:08 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2016-04-13 03:08 - 2016-04-13 03:08 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2016-04-13 03:08 - 2016-04-13 03:08 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL 2016-04-13 03:08 - 2016-04-13 03:08 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2016-04-13 03:08 - 2016-04-13 03:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 00273264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2016-04-13 03:08 - 2016-04-13 03:08 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL 2016-04-13 03:08 - 2016-04-13 03:08 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpsapi.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpsapi.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll 2016-04-13 03:08 - 2016-04-13 03:08 - 00099672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys 2016-04-13 03:08 - 2016-04-13 03:08 - 00072024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys 2016-04-13 03:07 - 2016-04-13 03:07 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-04-13 03:07 - 2016-04-13 03:07 - 00551256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2016-04-13 03:07 - 2016-04-13 03:07 - 00316760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys 2016-04-13 03:07 - 2016-04-13 03:07 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll 2016-04-11 04:01 - 2016-04-11 04:01 - 00017149 _____ C:\Users\Mel\Desktop\RE_1604_Christina Bosch dos Santos.odt 2016-04-11 03:00 - 2016-04-11 03:00 - 00018889 _____ C:\Users\Mel\Desktop\Rechnung_Hufschuhe_Winni04_16.odt 2016-04-09 00:04 - 2016-04-09 00:04 - 00000000 __HDC C:\ProgramData\{05EE3202-A879-4F9D-895C-AC535855E0A9} 2016-04-08 01:31 - 2016-04-08 01:31 - 00001982 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2016-04-08 01:31 - 2016-04-08 01:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2016-04-08 01:28 - 2016-04-08 01:28 - 00000000 ____D C:\Program Files (x86)\Comodo 2016-04-04 09:09 - 2016-04-04 09:09 - 00423918 _____ C:\Users\Mel\Downloads\KV *** Touran.pdf 2016-04-03 03:24 - 2016-04-03 03:24 - 02167958 _____ C:\Users\Mel\Downloads\Datenblatt Magnolythe S100(1).pdf 2016-03-27 19:15 - 2016-04-14 00:16 - 00000000 ____D C:\Users\Mel\Desktop\THEORIE Unterricht 2016-03-26 15:05 - 2016-03-26 15:05 - 00494615 _____ C:\Users\Mel\Desktop\Bahnticket 22.4. Münster - Weinheim.pdf 2016-03-26 15:04 - 2016-03-26 15:04 - 00494315 _____ C:\Users\Mel\Downloads\FLT_S12K4L5809_0.pdf 2016-03-26 14:40 - 2016-03-26 14:40 - 00495348 _____ C:\Users\Mel\Downloads\FLT_OZZRZ414366_0.pdf 2016-03-25 23:07 - 2016-03-25 23:07 - 00004020 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask 2016-03-25 23:07 - 2016-03-25 23:07 - 00003484 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask 2016-03-25 23:07 - 2016-03-25 23:07 - 00003330 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask 2016-03-25 23:06 - 2016-03-25 23:06 - 00003208 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest 2016-03-25 23:06 - 2016-03-25 23:06 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows 2016-03-25 23:06 - 2016-03-25 23:06 - 00000000 ____D C:\Program Files\Dell Support Center ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-04-20 03:21 - 2015-05-26 00:13 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat 2016-04-20 03:19 - 2015-06-30 00:27 - 00023992 _____ C:\WINDOWS\system32\Drivers\fvstore.dat 2016-04-20 03:05 - 2015-10-13 20:03 - 00000562 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3436712697-1915681797-834199881-1001.job 2016-04-20 02:33 - 2014-01-27 15:37 - 00001116 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-04-20 02:27 - 2013-06-03 23:29 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-04-20 02:15 - 2015-10-13 20:03 - 00000658 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3436712697-1915681797-834199881-1001.job 2016-04-20 01:33 - 2014-01-27 15:37 - 00001112 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-04-20 00:14 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf 2016-04-17 23:25 - 2015-06-30 02:23 - 00000000 ____D C:\Users\Mel\AppData\Local\ClassicShell 2016-04-17 22:12 - 2015-06-08 03:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-04-16 11:43 - 2013-05-30 17:30 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3436712697-1915681797-834199881-1001 2016-04-16 11:28 - 2013-02-28 13:08 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery 2016-04-16 11:22 - 2014-03-27 02:36 - 00000000 ____D C:\Users\Mel\Desktop\NH 2016-04-16 11:20 - 2015-01-15 02:43 - 00000000 ____D C:\Users\Mel\AppData\Roaming\AdTrustMedia 2016-04-16 11:20 - 2014-04-02 18:22 - 00000000 ____D C:\ProgramData\Adtrustmedia 2016-04-16 11:19 - 2014-11-08 03:32 - 00000000 ____D C:\Users\Mel 2016-04-16 11:16 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-04-16 11:15 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2016-04-15 22:38 - 2015-10-13 20:03 - 00003648 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3436712697-1915681797-834199881-1001 2016-04-15 22:38 - 2015-10-13 20:03 - 00003552 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3436712697-1915681797-834199881-1001 2016-04-15 01:08 - 2014-09-24 07:43 - 02048530 _____ C:\WINDOWS\system32\perfh007.dat 2016-04-15 01:08 - 2014-09-24 07:43 - 00581024 _____ C:\WINDOWS\system32\perfc007.dat 2016-04-15 00:55 - 2016-03-18 21:37 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 36.lnk 2016-04-15 00:55 - 2014-06-04 00:50 - 00003862 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1381657778 2016-04-15 00:55 - 2013-10-13 11:49 - 00000000 ____D C:\Program Files (x86)\Opera 2016-04-13 18:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2016-04-13 16:58 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-04-13 14:36 - 2013-08-22 16:44 - 00493336 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-04-13 03:39 - 2015-04-15 08:22 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-04-13 03:39 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData 2016-04-13 03:39 - 2013-08-08 19:46 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-04-13 03:36 - 2013-06-01 15:44 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-04-13 03:04 - 2016-01-15 00:43 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2016-04-13 03:02 - 2016-03-09 00:12 - 01737080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-04-13 03:02 - 2016-03-09 00:12 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-04-13 03:02 - 2016-03-09 00:12 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll 2016-04-11 04:02 - 2015-11-14 23:38 - 01130496 ___SH C:\Users\Mel\Desktop\Thumbs.db 2016-04-11 03:41 - 2014-09-24 08:17 - 02135110 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-04-10 01:55 - 2015-05-27 02:29 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job 2016-04-09 22:27 - 2015-05-27 02:29 - 00003846 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2016-04-09 22:27 - 2013-06-03 23:29 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2016-04-08 18:59 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-04-08 01:31 - 2015-11-14 23:43 - 00000000 ____D C:\Program Files\McAfee Security Scan 2016-04-08 01:17 - 2013-10-12 20:30 - 00000000 ____D C:\Users\Mel\Desktop\Kram 2016-04-08 01:16 - 2013-10-12 20:31 - 00000000 ____D C:\Users\Mel\Desktop\Verwaltung 2016-04-06 14:19 - 2015-04-01 18:50 - 00846104 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdguard.sys 2016-04-06 14:19 - 2015-04-01 18:50 - 00138560 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys 2016-04-06 14:19 - 2015-04-01 18:50 - 00045600 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys 2016-04-06 14:19 - 2015-04-01 18:50 - 00032224 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys 2016-04-06 14:17 - 2015-04-01 18:48 - 00051800 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll 2016-04-06 14:16 - 2015-04-01 18:48 - 00596232 _____ (COMODO) C:\WINDOWS\system32\guard64.dll 2016-04-06 14:16 - 2015-04-01 18:48 - 00461648 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll 2016-04-06 14:14 - 2015-04-01 18:47 - 00365752 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll 2016-04-06 14:14 - 2015-04-01 18:46 - 00051896 _____ (COMODO) C:\WINDOWS\system32\cmdkbd64.dll 2016-04-06 14:12 - 2015-04-01 18:45 - 00296120 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll 2016-04-06 14:11 - 2015-04-01 18:45 - 00046776 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdkbd32.dll 2016-04-06 01:46 - 2014-01-27 01:05 - 00068258 _____ C:\Users\Mel\Desktop\Notizen.odt 2016-03-31 23:10 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-03-25 23:06 - 2013-06-09 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2016-03-25 23:05 - 2013-02-28 12:58 - 00000000 ____D C:\ProgramData\PCDr 2016-03-23 23:23 - 2015-04-06 01:41 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX 2016-03-23 23:23 - 2015-04-06 01:41 - 00000000 ___SD C:\WINDOWS\system32\GWX 2016-03-21 21:49 - 2016-01-05 23:47 - 00024240 _____ (Dell Computer Corporation) C:\WINDOWS\system32\Drivers\DellProf.sys 2016-03-21 21:48 - 2015-02-13 21:26 - 00000000 ____D C:\ProgramData\SupportAssistAgent ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-12-14 23:30 - 2015-12-14 23:30 - 0001473 _____ () C:\Users\Mel\AppData\Local\recently-used.xbel 2013-06-02 16:13 - 2013-06-02 16:13 - 0000032 _____ () C:\ProgramData\Temp.log 2013-02-28 13:04 - 2013-02-28 13:05 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2013-02-28 12:59 - 2013-02-28 13:01 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2013-02-28 13:01 - 2013-02-28 13:02 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log 2013-02-28 12:59 - 2013-02-28 12:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2013-02-28 13:02 - 2013-02-28 13:04 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-04-19 23:04 ==================== Ende von FRST.txt ============================ Geändert von Kaffee (20.04.2016 um 03:51 Uhr) |
|
20.04.2016, 03:31
| #2 |
| | Spam - Mails mit meinem Absender an mein AdressbuchCode:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-04-2016
durchgeführt von Mel (2016-04-20 03:23:47)
Gestartet von C:\Users\Mel\Downloads
Windows 8.1 (X64) (2014-11-08 13:08:36)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3436712697-1915681797-834199881-500 - Administrator - Disabled)
Gast (S-1-5-21-3436712697-1915681797-834199881-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3436712697-1915681797-834199881-1028 - Limited - Enabled)
Mel (S-1-5-21-3436712697-1915681797-834199881-1001 - Administrator - Enabled) => C:\Users\Mel
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: COMODO Antivirus (Enabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
5KPlayer 2.1 (HKLM-x32\...\5KPlayer_is1) (Version: - DearMob, Inc.)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{306823F5-9E3B-6FEA-77B0-C9F9B725D7C4}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Chromodo (HKLM-x32\...\Chromodo) (Version: 48.12.18.254 - Comodo)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
COMODO Antivirus (HKLM\...\{73830292-868E-4C82-9AF5-CCFE2047B6A3}) (Version: 8.2.0.4508 - COMODO Security Solutions Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.2 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{B57A8AFE-6735-4497-BD52-BD2F838F5CF0}) (Version: 1.2.1.31 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.1.0 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.30.59.74 - Dell Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.16483 - Landesfinanzdirektion Thüringen)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.42.716 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.42.716 - DVDVideoSoft Ltd.)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoPro App (x32 Version: 5.7.549 - GoPro, Inc.) Hidden
GoPro Studio 2.5.7 (HKLM-x32\...\{b996dca2-156c-4d2c-b9a3-59fac08cef33}) (Version: 2.5.7.549 - GoPro, Inc.)
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-3436712697-1915681797-834199881-1001\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-3436712697-1915681797-834199881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
K-Lite Codec Pack 10.7.1 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.7.1 - )
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{AB8304F0-383F-4F80-8988-87727C415BF7}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 (HKLM\...\MX.{FFDC29E6-5C7C-4AA8-AF5A-99E015165382}) (Version: 14.0.0.159 - MAGIX Software GmbH)
MAGIX Video deluxe 2015 (Version: 14.0.0.159 - MAGIX Software GmbH) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.309.1 - McAfee, Inc.)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 6.1.2 - CEWE Stiftung u Co. KGaA)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 45.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 de)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Opera Stable 36.0.2130.65 (HKLM-x32\...\Opera 36.0.2130.65) (Version: 36.0.2130.65 - Opera Software)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: - ) <==== ACHTUNG
PDF24 Creator 6.0.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PhotoFiltre 7 (HKU\S-1-5-21-3436712697-1915681797-834199881-1001\...\PhotoFiltre 7) (Version: - )
PhotoFiltre 7 (HKU\S-1-5-21-3436712697-1915681797-834199881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\PhotoFiltre 7) (Version: - )
PowerXpressHybrid (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
PrivDog (HKLM\...\{C01D249F-23DA-45B1-A5FF-12ECD647D5C6}) (Version: 3.0.108.0 - PrivDog.com)
PrivDog 2 Legacy Browser Plug-ins (HKLM-x32\...\PrivDog) (Version: 2.2.0.14 - privdog.com)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.012 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RadiAnt DICOM Viewer (64-bit) (HKLM-x32\...\RadiAnt64) (Version: 1.9.16.7446 - Medixant)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6741 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
VFW_Codec32 (x32 Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Visual Business Cards 4 (HKLM-x32\...\Visual Business Cards 4_is1) (Version: - Tailwag Software)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.3900 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WISO steuer:Sparbuch 2016 (HKLM-x32\...\{6D44919D-A87F-4D57-841E-4DA3354D29EE}) (Version: 23.00.1146 - Buhl Data Service GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3436712697-1915681797-834199881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3436712697-1915681797-834199881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Mel\AppData\Local\Citrix\GoToMeeting\3499\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3436712697-1915681797-834199881-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3436712697-1915681797-834199881-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Mel\AppData\Local\Citrix\GoToMeeting\3499\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {04BFA561-CB39-4347-9EC9-17ABC78B4C21} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-29] (Adobe Systems Incorporated)
Task: {0C0ADFC6-6EC1-44CD-9732-8ADB0A95B6CF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-11-08] (Apple Inc.)
Task: {329B52CD-4F6A-4F9A-BF31-72FB7E9EEA8D} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-03-21] (Dell Inc.)
Task: {37746AE9-A856-46FD-A4E0-5633BE2914F2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe [2016-04-09] (Adobe Systems Incorporated)
Task: {3CE59B5C-AA0D-41EA-8209-39F2946B3F98} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-04-15] (COMODO)
Task: {41893B4C-D665-45E2-AB0F-B79CE4E07491} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {42B0E4EE-30EE-4E09-B539-86B7E178917D} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-04-13] (COMODO)
Task: {4713D6BB-B7A0-4FC1-94E3-97059F06F472} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-03-25] (PC-Doctor, Inc.)
Task: {516D846E-8AF5-454B-844D-15DD14E0CE03} - System32\Tasks\Opera scheduled Autoupdate 1381657778 => C:\Program Files (x86)\Opera\launcher.exe [2016-04-15] (Opera Software)
Task: {6C341080-73A6-4A35-8535-11859CE13D20} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {76CF64AF-1C51-42F6-B9E7-EB1588BD34F4} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-04-15] (COMODO)
Task: {821EC7C5-9F97-4C39-AF4D-AED3FC041537} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-28] (Piriform Ltd)
Task: {8E71D946-4480-4D5F-8844-4A4D303A16C0} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-03-25] (PC-Doctor, Inc.)
Task: {90DAEC80-C73D-40E0-8882-80DE0C997078} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-04-15] (COMODO)
Task: {966E332A-D1A1-45A7-83CE-9228FA0C9C10} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-04-13] (COMODO)
Task: {A77BF21E-2652-41D6-8801-92426AA6A96B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-09] (Adobe Systems Incorporated)
Task: {B7EB21BB-9D0A-4175-B8DA-844C33B2E3D5} - System32\Tasks\G2MUpdateTask-S-1-5-21-3436712697-1915681797-834199881-1001 => C:\Users\Mel\AppData\Local\Citrix\GoToMeeting\4800\g2mupdate.exe [2016-04-15] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {BB7B344A-DAD0-4407-BB51-8DD17BD50392} - System32\Tasks\G2MUploadTask-S-1-5-21-3436712697-1915681797-834199881-1001 => C:\Users\Mel\AppData\Local\Citrix\GoToMeeting\4800\g2mupload.exe [2016-04-15] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {BCE38CFF-A98D-4410-918C-D4972A5184B7} - System32\Tasks\avastBCLRestartS-1-5-21-3436712697-1915681797-834199881-1001 => Chrome.exe
Task: {BF598F5D-B55A-437B-BD23-444AAD22DFDC} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-04-15] (COMODO)
Task: {C166FC38-9DF9-4A14-B317-716D101EFC35} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {CA53B138-9EA7-45DC-B604-32A39B16E273} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-09-04] ()
Task: {D7E6D9BA-2DCB-4EAC-9AE9-CCCE99B6FCD9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)
Task: {FED6DA46-EB72-41D6-8CDA-371C59511E3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job => C:\ProgramData\cisB59C.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3436712697-1915681797-834199881-1001.job => C:\Users\Mel\AppData\Local\Citrix\GoToMeeting\4800\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3436712697-1915681797-834199881-1001.job => C:\Users\Mel\AppData\Local\Citrix\GoToMeeting\4800\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-29 20:00 - 2012-10-29 20:00 - 00047480 _____ () c:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2015-02-26 00:06 - 2015-02-26 00:06 - 01969280 _____ () C:\Program Files\AdTrustMedia\PrivDog\3.0.108.0\UtilsDll.dll
2015-02-26 00:06 - 2015-02-26 00:06 - 00108160 _____ () C:\Program Files\AdTrustMedia\PrivDog\3.0.108.0\PrivDogManager\Plugins\nfapi.dll
2015-02-25 23:45 - 2015-02-25 23:45 - 00054784 _____ () C:\Program Files\AdTrustMedia\PrivDog\3.0.108.0\DisableBrowserExtensions.dll
2015-02-26 00:06 - 2015-02-26 00:06 - 00554112 _____ () C:\Program Files\AdTrustMedia\PrivDog\3.0.108.0\PrivDogManager\Plugins\ProtocolFilters.dll
2015-05-08 20:50 - 2015-05-08 20:50 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-01-08 23:02 - 2016-03-16 12:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2016-03-25 23:05 - 2016-03-24 01:43 - 00111352 _____ () C:\Program Files\Dell\SupportAssist\libCSharpCommonCS.dll
2016-03-25 23:05 - 2016-03-24 01:43 - 00553720 _____ () C:\Program Files\Dell\SupportAssist\libAsapiCSharp.dll
2015-10-03 00:15 - 2015-10-03 00:15 - 02287616 _____ () C:\Program Files (x86)\GoPro\Tools\Importer\gopro-lib-win-analytics.dll
2014-08-13 09:27 - 2014-08-13 09:27 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2014-07-29 13:34 - 2014-07-29 13:34 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2016-02-21 03:14 - 2016-02-21 03:14 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\8e749780289ceb24f72730345e019061\PSIClient.ni.dll
2013-02-28 13:08 - 2012-09-12 22:18 - 02003304 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2013-02-28 13:08 - 2012-08-06 11:59 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2013-02-28 13:08 - 2012-08-06 11:59 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2013-02-28 12:50 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\HelpPane.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\hh.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\twain_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\winhlp32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\write.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\accessibilitycpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acledit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acppage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionQueue.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\activeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adhapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adhsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsldp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsldpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adtschema.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\advpack.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aecache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\aelupsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AepRoam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aitagent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\alg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AltTab.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\amstream.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Apphlpdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appidcertstorecheck.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appidpolicyconverter.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppReadiness.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appsruprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxAllUserStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxApplicabilityEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxSip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxStreamingDataSourcePS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ARP.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aspnet_counters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\at.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AtBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atlthunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\attrib.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\auditcse.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\authfwcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthFWGP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthFWSnapin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthFWWizFwk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthHostProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\authz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\autoconv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AutoWorkplaceN.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\avicap32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\avifil32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\avrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AxInstSv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AxInstUI.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\azroles.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\azroleui.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AzSqlExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\backgroundTaskHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BackgroundTransferHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\basesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\batmeter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcdboot.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcdsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BCP47Langs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdaplgin.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BdeHdCfgLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bderepair.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BdeUISrv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BFE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bidispl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BioCredProv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BitLockerWizardElev.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bitsadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bitsigd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bitsperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bitsprx2.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\bitsprx3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bitsprx4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bitsprx5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bitsprx6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bitsprx7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\blb_ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootcfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootim.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootsect.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\brdgcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bridgeunattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BrokerLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browseui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bthci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthHFSrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthMtpContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bthpanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthpanContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bthprops.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bthserv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthSQM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bthudtask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\btpanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Bubbles.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BulkOperationHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BWContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ByteCodeGenerator.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cabinet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cabview.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cacls.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\calc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CallButtons.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CallButtons.ProxyStub.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CameraSettingsUIHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\capiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\capisp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\catsrv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\catsrvps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cca.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdosys.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certca.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certCredProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certenc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CertEnrollCtrl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CertEnrollUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CertPolEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certreq.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cfgbkend.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cfgmgr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cfmifs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cfmifsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chcp.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CheckNetIsolation.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chkdsk.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chkntfs.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chkwudrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\choice.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CHxReadingStringIME.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cipher.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CIRCoInst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clbcatq.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cleanmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cliconfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cliconfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clip.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudNotifications.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmcfg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmdext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmdial32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmdkey.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmdl32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmlua.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmmon32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmpbk32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmstp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmstplua.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cngcredui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cngprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cnvfat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cofire.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cofiredm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\colbact.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\colorcpl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\colorui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comcat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\compact.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CompMgmtLauncher.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompPkgSup.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\compstui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ComputerDefaults.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comrepl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comuid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\conhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\connect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ConnectedAccountState.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\consent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ConsentUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\console.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\control.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\convert.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\correngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CredentialMigrationHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CredentialUIBroker.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credwiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptcatsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptdlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\crypttpmeksvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptuiwizard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptxml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cscdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cscript.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CSystemEventsBrokerClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cttune.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cttunesvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\C_G18030.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\C_IS2022.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\C_ISCII.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3d10core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10level9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10_1core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3d8thk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dabapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DAConn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafupnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafWCN.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafWfdProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DAFWSD.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DAMM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DaOtpCredentialProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\das.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dasHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dataclen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\datusage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\davhlpr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbghelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbnetlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbnmpntw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dccw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dcomcnfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDACLSys.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddodiag.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDOIProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDORes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DefaultDeviceManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DefaultPrinterProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Defrag.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\defragproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\defragsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\delegatorprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\desk.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deskadp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deskmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevDispItemProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceassociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceDisplayStatusManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceDriverRetrievalClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceEject.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceElementSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceMetadataRetrievalClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceProperties.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceSetupManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceSetupManagerAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceUxRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\devmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevPropMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devrtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dfdts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DFDWiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dfrgui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dfscli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DfsShlEx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcmonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DHCPQEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DiagCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diagperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\difxapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dimsjob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dimsroam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dinput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dinput8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diskcomp.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diskcopy.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diskcopy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diskpart.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diskraid.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dispci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dispdiag.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dispex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DisplaySwitch.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\djoin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllhst3g.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmdlgs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmdskmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmintf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmloader.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmocx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DMRServer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmsynth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmusic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmvdsitf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmview.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dns-sd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnscacheugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnshc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\docprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\doskey.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3api.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3cfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Dot3Conn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3dlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3gpclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3gpui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3hc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3mm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3msm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3svc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3ui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dpapimig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dpapiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DpiScaling.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\driverquery.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drtprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drttransport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drvcfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drvinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DscCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DscCoreConfProv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\dsdmo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dskquota.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dskquoui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DsmUserTask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsound.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsparse.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsrole.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dssec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dssenh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Dsui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsuiext.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\dswave.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\dtsh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dui70.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\duser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dvdplay.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dvdupgrd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwm.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmredir.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DWWIN.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxdiag.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxdiagn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxgwdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DXP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Dxpserver.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DxpTaskSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxva2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Eap3Host.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eapp3hst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eappcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eappgnui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eapphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eappprxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\eapprovp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EAPQEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eapsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easconsent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EaseOfAccessDialog.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easinvoker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easinvoker.proxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efsadu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efslsaext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efsui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efsutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EhStorAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EhStorAuthn.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EhStorPwdMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EhStorShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ELSCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\elshyph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\elslad.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\elsTrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\encapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EncDump.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\energyprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\energytask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eqossnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\es.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esentprf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eudcedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EventAggregation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eventcls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eventcreate.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eventvwr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\expand.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\extrac32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Faultrep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdBthProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FdDevQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdeploy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdPHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdPnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FDResPub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdSSDP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdWCN.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdWNet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdWSD.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\feclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhautoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcleanup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhevents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhlisten.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhmanagew.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhshl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhsrchapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhsrchph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhsvcctl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhtask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FileAppxStreamingDataSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\filemgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\find.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\findnetprinters.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\findstr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\finger.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Firewall.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FirewallAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FirewallControlPanel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fltLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fltMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fmifs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Fondue.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontview.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\forfiles.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\format.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fphc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\framedyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\framedynos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\frprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fsavailux.exe:$CmdTcID [64]
|
|
20.04.2016, 03:38
| #3 |
| | Spam - Mails mit meinem Absender an mein AdressbuchCode:
ATTFilter AlternateDataStreams: C:\WINDOWS\system32\fsquirt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fsutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fsutilext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fthsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ftp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fundisc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvecerts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveskybackup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fwcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FWPUCLNT.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\FwRemoteSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSCOMEX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSCOMPOSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSCOVER.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSMON.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSROUTE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSST.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSSVC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXST30.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSTIFF.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSUNATD.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSUTILITY.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\g711codc.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gacinstall.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gcdef.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GEARAspi64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\getmac.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\getuname.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\glcndFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\glmf32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\globinputhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\glu32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpprnext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpresult.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gptext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpupdate.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Groupinghc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\grpconv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hbaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hcproviders.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\help.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HelpPaneProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hgprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hhctrl.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hhsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hidphone.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hidserv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hlink.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hnetcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hnetmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HOSTNAME.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hotplug.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hotspotauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\httpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\httpprxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\httpprxp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\htui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hwrcomp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hwrreg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ias.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iasacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iasads.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iasdatastore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iashlpr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IasMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iasnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iaspolcy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iasrad.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iasrecst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iassam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iassdo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iassvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icacls.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icmui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IconCodecService.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\icsigd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsunattend.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IdListen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\idndl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IDStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ifmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ifsutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ifsutilx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igdDiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IKEEXT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imaadp32.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imagehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\immersivetpmvscmgrsvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetmib1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetpp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetppui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InfDefaultInstall.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputSwitch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inseng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\intl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipconfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iprtprio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipsecsnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IPSECSVC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipsmsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\irclass.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\irftp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\irmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\irprops.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsicli.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsicpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsicpl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsidsc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsied.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsiexe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsium.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmiv2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\isoburn.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\itircl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\itss.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iuilp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iyuv_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jnwmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\joy.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KBDAZST.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KdsCli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kdusb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kd_02_8086.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\keepaliveprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kernel.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kernelceip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\keyiso.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\keymgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\klist.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kmddsp.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KMSVC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\korwbrkr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ksetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kstvtune.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Kswdmcap.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ksxbar.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ktmutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ktmw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\l2gpstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\l2nacp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\L2SecHC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\l3codeca.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\l3codecp.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\label.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LangCleanupSysprepAction.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LAPRXY.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LaunchTM.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\linkinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\livessp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LldpNotify.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lltdapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lltdsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lmhsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\loadperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\localsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\localui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LocationApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LocationNotifications.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Locator.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockScreenContent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockScreenContentHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lodctr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\logagent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\loghours.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\logoncli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LogonUI.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpk.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\lpkinstall.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpksetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpksetupproxyserv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\luainstall.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Magnification.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Magnify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaintenanceUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\makecab.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mapistub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MbaeApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MbaeParserTask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MbaeXmlParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mblctr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mbussdapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mcbuilder.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mciavi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mcicda.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mciqtz32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mciseq.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mciwave.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mcupdate_GenuineIntel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\McxDriv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MDEServer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MDMAgent.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mdminst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MdRes.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MdSched.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MemoryDiagnostic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mf3216.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfAACEnc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfc42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfc42u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfcsubs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfdvdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfh264enc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmjpegdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mftranscode.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFWMAAEC.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mgmtapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mibincodec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\midimap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\migflt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\miguiresource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mimefilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mimofcodec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MirrorDrvCompat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\miutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mlang.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmcbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmcico.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmcndmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmcshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmcss.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MMDevAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmsys.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mobsync.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mode.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\modemui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\montr_ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\more.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mountvol.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Mpeg2Data.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mpg2splt.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mpnotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mpr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprmsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MPSSVC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MRINFO.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MrmIndexer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msaatext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msacm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msacm32.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msadp32.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msasn1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAudDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msaudite.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msauserext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mscat32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msched.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSchedExe.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msconfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfime.ime:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MsCtfMonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfuimanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdadiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdart.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdelta.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msdmo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdri.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtckrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtclog.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtctm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSDvbNP.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msg711.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msgsm32.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MshtmlDac.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MsiCofire.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msidcrl40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msident.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msidle.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msieftp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msiltcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msimg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msimtf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msisip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msiwer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mskeyprotcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mskeyprotect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msls31.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSNP.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msoeacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msoert2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mspatcha.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mspatchc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msports.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msra.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msrahc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msrdc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MsRdpWebAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msrle32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msscntrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssha.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msshooks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssign32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssip32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MsSpellCheckingFacility.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MsSpellCheckingHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msTextPrediction.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvcirt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvcp120_clr0400.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvcp60.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvcr120_clr0400.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvcrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvfw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvidc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSWB7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSWB70011.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSWB7001E.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSWB70404.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSWB70804.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mswmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mswsock.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mtstocom.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mtxdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mtxex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\muifontsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MUILanguageCleanup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MuiUnattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MultiDigiMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mycomput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mydocs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Mystify.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\napdsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NapiNSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\napipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NAPMONTR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NAPSTAT.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Narrator.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nbtstat.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NcaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NcaSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncbservice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NcdAutoSetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NcdProp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncobjapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncpa.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncryptprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncryptsslp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncuprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ndadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nddeapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ndfapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ndfetw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ndfhcdiscovery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ndiscapCfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ndishc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NdisImPlatform.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ndproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nduprov.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\negoexts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\net.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\net1.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netbios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netbtugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netcenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netcfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netcfgx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netcorehc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netdiagfx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetEvtFwdr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netjoin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netlogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netman.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Netplwiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netprofm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netprofmsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netprovisionsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netsh.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NETSTAT.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetVscCoinstall.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\networkexplorer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\networkitemfactory.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkStatus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\newdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\newdev.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ninput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NL7Data0011.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NL7Data001E.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NL7Data0404.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NL7Data0804.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlahc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlhtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlmgp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlmsprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0000.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0002.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0003.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0007.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData000a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData000c.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData000d.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData000f.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0010.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0018.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData001a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData001b.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData001d.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0020.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0021.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0022.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0024.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0026.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0027.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData002a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0039.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData003e.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0045.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0046.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0047.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0049.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData004a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData004b.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData004c.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NlsData004e.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0414.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0416.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0816.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData081a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0c1a.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Nlsdl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsLexicons0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\normaliz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\npmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nrpsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nsisvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nslookup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntasn1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntdsapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ntlanman.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntlanui2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntmarta.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntprint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\objsel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ocsetapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbcad32.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\odbcbcp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbcconf.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbccp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbccr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbccu32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbctrac.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OEMLicense.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ogldrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleacchooks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oledlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleprn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\onex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\onexui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OobeFldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OpcServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\openfiles.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\opengl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OpenWith.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OptionalFeatures.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\osbaseln.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\osk.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OskSupport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\osuninst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\P2P.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\P2PGraph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\p2pnetsh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\p2psvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PackageStateRoaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\panmap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PasswordOnWakeSettingFlyout.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PATHPING.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pautoenr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcacli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcaui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcaui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PCPKsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcsvDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcwrun.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcwutl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pdhui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\perfctrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\perfdisk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\perfmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\perfnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\perfos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\perfproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\perftrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\perfts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhotoMetadataHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\photowiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PickerHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PING.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PkgMgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pla.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\plasrv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\playlistfolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlaySndSrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToStatusProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ploptin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnpclean.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnppolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnpts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnpui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PnPUnattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PnPutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PNPXAssoc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PNPXAssocPrx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnrpauto.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Pnrphc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnrpnsp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\pnrpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\polstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceClassExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceConnectApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceStatus.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceWiaCompat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceWMDRM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pots.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powercfg.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powrprof.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\prevhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\print.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\printfilterpipelineprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\printfilterpipelinesvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintIsolationHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintIsolationProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\printui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\printui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\prncache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\prnfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\prnntfy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\prntvpt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\procinst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profsvcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\propsys.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\proquota.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provthrd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProximityCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProximityCommonPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProximityRtapiPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProximityService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProximityServicePal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProximityUxHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\prvdmofcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\psapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\psisdecd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\psisrndr.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PSModuleDiscoveryProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\psmsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\psr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pstask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pstorec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PurchaseWindowsLicense.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PurchaseWindowsLicense.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwlauncher.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwlauncher.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwsso.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\QAGENT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\QAGENTRT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\QCLIPROV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qdv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qmgrprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\QSHVHOST.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\QSVRMGMT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Query.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\QUTIL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qwave.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\RacEngn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\racpldlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\radardt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\radarrs.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\RADCUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasadhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasauto.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasautou.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rascfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\raschap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\raschapext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasctrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasdiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasdial.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasdlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\raserver.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasman.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasmbmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RASMM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasmontr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasmxs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasphone.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasplap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasppp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rastapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rastlsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdbui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcfgex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpclip.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcorets.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpendp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpinput.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RdpSa.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RdpSaProxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RdpSaPs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RdpSaUacHelper.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdrleakdiag.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\RDSAppXHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdsdwmdr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDSPnf.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdvidcrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdvvmtransport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgentTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\recimg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\recover.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\recovery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RecoveryDrive.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\reg.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\regapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RegCtrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\regedt32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\regidle.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\regini.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Register-CimProvider.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\regsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\regsvr32.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ReInfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rekeywiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\remotepg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\remotesp.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemoveDeviceContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemoveDeviceElevated.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\repair-bde.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\replace.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\resmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RestoreOptIn.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rfxvmt.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\rgb9rast.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Ribbons.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\riched20.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\riched32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMActivate.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMActivate_isv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp_isv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RmClient.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rmttpmvscmgrsvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rnr20.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RoamingSecurity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Robocopy.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RotMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ROUTE.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RpcEpMap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rpchttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RpcNs4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rpcnsh.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\RpcPing.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RpcRtRemote.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rpcss.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rsaenh.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RstrtMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rstrui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rtffilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rtm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rtutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\runas.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rundll32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RunLegacyCPLElevated.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\runonce.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RuntimeBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sas.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sbeio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scansetting.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SCardDlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SCardSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scavengeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sccls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scecli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schedcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schedsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schtasks.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scripto.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scrnsave.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scrobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scrrun.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdchange.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdhcinst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdiageng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdiagnhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdiagprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdiagschd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SecEdit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sechost.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\secinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\seclogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\secproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\secproc_isv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp_isv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorsClassExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorsCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sensrsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\serialui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\serwvdrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sessionmsg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setbcdlocale.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sethc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SetNetworkLocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SetProxyCredential.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setspn.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingMonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setupapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setupcln.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sfc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sfc_os.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sharemediacpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shfolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shgina.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shimgvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shlwapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shpafact.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shrpubw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shsetup.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\shsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shunimpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shutdown.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shwebsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\signdrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sigverif.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SimAuth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SimCfg.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\sisbkup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SkyDrive.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SkyDriveShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SkyDriveTelemetry.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SlideToShutDown.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\slpts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SmartcardCredentialProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SmartCardSimulator.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SmartScreenSettings.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SMBHelperClass.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smbwmiv2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SmsDeviceAccessRevocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SMSRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SndVol.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SnippingTool.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\snmpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\snmptrap.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SNTSearch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\softkbd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\softpub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sort.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SortServer2003Compat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SortWindows61.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SortWindows6Compat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SoundRecorder.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spbcd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spfileq.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SPInf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spmpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spoolss.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spopk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spwinsat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spwizeng.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sqlcecompact40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sqlceoledb40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sqlceqp40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sqlcese40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sqlsrv32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sqmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srchadmin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srhelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srrstr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SrTasks.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srumapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srumsvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\srvcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srvsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sscoreext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ssdpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ssdpsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\sspisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SSShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ssText3d.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sstpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Startupscan.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\stclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sti.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StikyNot.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sti_ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi_passthru.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storewuauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Storprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\streamci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SubscriptionMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\subst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\svchost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\svsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\swprv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\sxproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sxs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sxshared.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\sxssrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sxsstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sxstrace.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\synceng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncHostps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructure.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructureps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SynCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Syncreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\syncui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SynTPAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SynTPCo20.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sysclass.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sysdm.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SysFxUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\syskey.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sysmain.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sysmon.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sysntfy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SysResetErr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\syssetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systeminfo.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesAdvanced.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesComputerName.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesHardware.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesPerformance.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesProtection.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesRemote.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.Handlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsDatabase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsRemoveDevice.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systray.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\t2embed.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Tabbtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TabbtnEx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tabcal.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TabletPC.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TabSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\takeown.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapi3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapilua.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TapiMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapiperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TapiSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TapiUnattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskeng.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskhostex.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskkill.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tasklist.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Taskmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskschd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TaskSchdPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tbs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tcmsetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TcpipSetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tcpmib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tcpmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tcpmonui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TCPSVCS.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\telephon.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\termmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\termsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TetheringIeProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TetheringMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TetheringStation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\themeservice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\themeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\threadpoolwinrt.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\thumbcache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ThumbnailExtractionHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TimeDateMUICallback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\timeout.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TimeSyncTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tlscsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tpmcompc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmInit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tpmvsc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgrsvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TRACERT.EXE:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\traffic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tree.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\trkwks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tsbyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSChannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSTheme.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TsUsbGDCoInstaller.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TtlsAuth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TtlsCfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TtlsExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tvratings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\txflog.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\txfw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tzsync.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tzutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ucmhc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\udhisapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\uexfat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ufat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UI0Detect.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uicom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uireng.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ulib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umdmxfrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpnpmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpowmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umrdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unattend.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unimdmat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uniplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unlodctr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unregmp2.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\upnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\upnpcont.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\upnphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ureg.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbceip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserAccountBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserAccountControlSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserAccountControlSettings.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\userenv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\userinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\userinitext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserLanguageProfileCallback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ustprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\utildll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Utilman.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uudf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UXInit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uxlib.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\uxtheme.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VAN.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Vault.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vaultcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VaultCmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VaultRoaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vaultsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VBICodec.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vbisurf.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vds.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vdsbas.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vdsdyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vdsldr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vdsutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vdsvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vds_ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\verclsid.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\verifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\verifier.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\version.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\vfwwdm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vidcap.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\virtdisk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmbuspipe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VmdCoinstall.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmictimeprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpnikeapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VscMgrPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vssadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vsstrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vss_ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\w32time.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\w32tm.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\w32topl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WABSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\waitfor.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WallpaperHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WavDest.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wavemsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbemcomn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbengine.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcmapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wcmcsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WcnApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcncsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WcnEapAuthProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WcnEapPeerProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WcnNetsh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WcsPlugInService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wdc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01011.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wdiasqmmodule.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wdmaud.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wdscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webservices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Websocket.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wecapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wecsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wecutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wephostsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werconcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wercplsupport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WerFault.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WerFaultSecure.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wermgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wersvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtfwd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wfapigp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WfHC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WFS.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\where.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\whhelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\whoami.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiaacmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiaaut.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiadefui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiadss.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiarpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiascanprofiles.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiaservc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiatrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wimgapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wimserv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winbici.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winbio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winbrand.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wincredprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Background.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Background.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Custom.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Enumeration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Enumeration.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Portable.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Printers.Extensions.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Sensors.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.Fontgroups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Renewal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.SpeechSynthesis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Proximity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.Compression.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Profile.HardwareId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.RemoteDesktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecsExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\windowslivelogin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winethc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinFax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininitext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Winlangdb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winlogonext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmmbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinMsoIrmProtector.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winnsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinOpcIrmProtector.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winrnr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winrs.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winrscmd.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\winrshost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winrssrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinRtTracing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSAT.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSATAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winshfhc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsku.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsockhc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WINSRPC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSyncMetastore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSyncProviders.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winusb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winver.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wisp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\witnesswmiv2provider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkscli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkspbroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkspbrokerAx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wksprt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wksprtPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WLanConn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlandlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanext.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlangpui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WLanHC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlaninst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlanMM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanmsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanpref.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlanRadioManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvcpal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanui.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Wldap32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wldp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlgpclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidcredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidfdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidnsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlrmdr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlS0WndH.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMALFXGFXDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMASF.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmcodecdspps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmdmlog.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmdmps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmdrmdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmdrmnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmiclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmicmiplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmidcom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmidx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmiprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmitomi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMNetMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WmpDui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmsgapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVCORE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmvdspa.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WofTasks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WofUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\workerdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFolders.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkfoldersControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersGPExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\workfolderssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wow64cpu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wowreg32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpccpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcWebSync.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wpdbusenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpdMtp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpdMtpUS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WPDShextAutoplay.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WPDShServiceObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WPDSp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpd_ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wpninprc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnpinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64]
|
|
20.04.2016, 03:46
| #4 |
| | Spam - Mails mit meinem Absender an mein AdressbuchCode:
ATTFilter AlternateDataStreams: C:\WINDOWS\system32\wpnsruprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\write.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ws2help.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscisvif.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSCollect.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscript.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSDApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsdchngr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSDMon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSDPrintProxy.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSDScanProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wsepno.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshbth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshcon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wship6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshirda.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshnetbs.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wshom.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshqos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSHTCPIP.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmAgent.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsmplpxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsmprovhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsnmp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsock32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsqmcons.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSReset.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSTPager.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wtsapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wucltux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WUDFCoinstaller.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WUDFHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WUDFPlatform.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WUDFSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WUDFx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WUDFx02000.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wusa.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WUSettingsProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWanHC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwaninst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Wwanpref.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanprotdim.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WwanRadioManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xcopy.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XInput1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XInput9_1_0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xmlfilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xmllite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xmlprovi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XpsFilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XpsGdiConverter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XpsPrint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XpsRasterService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xpsservices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XPSSHHDR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xpssvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xwizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xwizards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xwreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xwtpdui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xwtpw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\accessibilitycpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\acledit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\acppage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\activeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsldp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsldpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\advpack.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amstream.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Apphlpdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\appidapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxAllUserStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxApplicabilityEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxSip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ARP.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aspnet_counters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\at.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AtBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atlthunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\attrib.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\audiodev.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authfwcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWGP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWSnapin.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWWizFwk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoconv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\avicap32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\avifil32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\avrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\azroles.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\azroleui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AzSqlExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\backgroundTaskHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\batmeter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BCP47Langs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bdaplgin.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bidispl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BioCredProv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bootcfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\browcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\browseui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bthprops.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bthudtask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\btpanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Bubbles.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BWContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cabinet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cabview.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cacls.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\calc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CallButtons.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CallButtons.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CameraSettingsUIHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\capiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\capisp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cca.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cdosys.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\certca.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\certCredProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\certenc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnrollUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\certmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertPolEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\certreq.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\certutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfgbkend.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfgmgr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfmifs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfmifsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chcp.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CheckNetIsolation.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chkdsk.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chkntfs.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\choice.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CHxReadingStringIME.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cipher.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clbcatq.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cleanmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cliconfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cliconfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clip.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudNotifications.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmcfg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdial32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdkey.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdl32.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmlua.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmmon32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmpbk32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmstp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmstplua.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cngcredui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cngprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cnvfat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\colbact.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\COLORCNV.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\colorcpl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\colorui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comcat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\compact.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CompPkgSup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\compstui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ComputerDefaults.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comrepl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comuid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\connect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConnectedAccountState.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\console.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\control.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\convert.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredentialUIBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credwiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptdlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\crypttpmeksvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptuiwizard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptxml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cscdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cscript.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ctfmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cttune.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cttunesvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_G18030.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_IS2022.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_ISCII.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10level9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10_1core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8thk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dim700.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dramp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dxof.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dabapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dataclen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\davhlpr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbghelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbnetlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbnmpntw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dccw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomcnfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DDACLSys.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddodiag.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DDOIProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DDORes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DefaultDeviceManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DefaultPrinterProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\delegatorprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\desk.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\deskadp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\deskmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevDispItemProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceassociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceDisplayStatusManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceProperties.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceUxRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devrtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dfrgui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dfscli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DfsShlEx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcmonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DHCPQEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dialer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\difxapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dimsjob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dimsroam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dinput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dinput8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcomp.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcopy.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcopy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskpart.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskraid.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dispex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplaySwitch.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhst3g.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmband.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmcompos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdlgs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdskmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmintf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmloader.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmocx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmstyle.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmsynth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmusic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmvdsitf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmview.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dns-sd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\docprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\doskey.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3api.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3cfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3dlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3gpclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3gpui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3hc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3msm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3ui.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapimig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DpiScaling.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\driverquery.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drtprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drttransport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsdmo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dskquota.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dskquoui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsound.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsparse.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsrole.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dssec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dssenh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Dsui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsuiext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dswave.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dtsh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dui70.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\duser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dvdplay.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dvdupgrd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWWIN.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxdiag.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxdiagn.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DxpTaskSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxva2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapp3hst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappgnui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapprovp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EAPQEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EaseOfAccessDialog.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\easwrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsadu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorAuthn.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorPwdMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ELSCore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\elshyph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\elslad.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\elsTrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\encapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eqossnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\es.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentprf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eudcedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eventcls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eventcreate.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eventvwr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\expand.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\extrac32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Faultrep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fc.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdBthProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FdDevQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdeploy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdPnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdSSDP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWCN.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWNet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWSD.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\feclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\filemgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\find.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\findstr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\finger.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallControlPanel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fltLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fltMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fmifs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Fondue.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontview.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\forfiles.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\format.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fphc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\framedyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\framedynos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\frprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fsutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fsutilext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ftp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fundisc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fwcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FWPUCLNT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSCOMEX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSEXT32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSXP32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\g711codc.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gcdef.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GEARAspi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\getmac.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\getuname.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\glcndFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\glmf32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\globinputhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\glu32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpprnext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpresult.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gptext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpupdate.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\grpconv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hbaapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hcproviders.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hdwwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hdwwiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\help.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\HelpPaneProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hh.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hhctrl.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hhsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hidphone.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hidserv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hlink.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hnetcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hnetmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\HOSTNAME.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\httpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\htui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ias.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasads.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasdatastore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iashlpr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IasMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iaspolcy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasrad.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasrecst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iassam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iassdo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iassvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icacls.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iccvid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icmui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IconCodecService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icsigd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icsunattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IdCtrls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\idndl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IDStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ifmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ifsutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ifsutilx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imaadp32.acm:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imagehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetmib1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InfDefaultInstall.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputSwitch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\instnm.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\intl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipconfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtprio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsecsnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsmsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir32_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_32.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_qc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_qcx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_qc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_qcx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\irclass.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\irprops.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicli.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicpl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsidsc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsied.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsium.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmiv2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\isoburn.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\itircl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\itss.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iyuv_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\joy.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KBDAZST.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kernel.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\keyiso.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\keymgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kmddsp.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\korwbrkr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kstvtune.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Kswdmcap.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksxbar.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ktmutil.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ktmw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\l2gpstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\l2nacp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\L2SecHC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\l3codeca.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\l3codecp.acm:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\label.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LAPRXY.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchTM.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\linkinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\loadperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\localsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationNotifications.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\lodctr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\logagent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\loghours.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\logoncli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\lsmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\luainstall.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Magnification.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Magnify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\main.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\makecab.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mapistub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbussdapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mcbuilder.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciavi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mcicda.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciqtz32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciseq.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciwave.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdminst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf3216.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfAACEnc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfc42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfc42u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcsubs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfdvdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfh264enc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmjpegdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mftranscode.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mgmtapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mibincodec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\midimap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\miguiresource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mimefilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mimofcodec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MirrorDrvCompat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\miutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mlang.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcico.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcndmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MMDevAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmsys.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mobsync.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mode.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\modemui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\more.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mountvol.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Mpeg2Data.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mpg2splt.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mpr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprmsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MRINFO.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmIndexer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msaatext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msacm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msacm32.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msadp32.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msasn1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAudDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscat32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscpxl32.dLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfime.ime:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsCtfMonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfuimanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdadiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdart.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdelta.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdmo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdrm.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSDvbNP.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msg711.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msgsm32.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msidcrl40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msident.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msidle.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msieftp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiltcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msimg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msimtf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msisip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiwer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mskeyprotcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mskeyprotect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msls31.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSNP.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msoeacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msoert2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msorcl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspatcha.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspatchc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msports.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msra.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrdc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsRdpWebAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrle32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msscntrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msscript.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssha.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msshooks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssign32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssip32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsSpellCheckingHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcirt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcp60.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvfw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvidc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVideoDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70011.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB7001E.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70404.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70804.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mswmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mswsock.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtstocom.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxlegih.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\muifontsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MuiUnattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mycomput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mydocs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Mystify.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\napdsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NapiNSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\napipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NAPMONTR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NAPSTAT.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Narrator.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NcaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NcdProp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncobjapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncpa.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptsslp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nddeapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfetw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfhcdiscovery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndiscapCfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndishc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\negoexts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\net.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\net1.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netbios.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netbtugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcfgx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcorehc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netdiagfx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netjoin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netlogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Netplwiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netprofm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netprovisionsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netsh.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NETSTAT.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\networkexplorer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\networkitemfactory.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\newdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\newdev.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ninput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0011.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data001E.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0404.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0804.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlhtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmgp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmsprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0000.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0002.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0003.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0007.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000c.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000d.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000f.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0010.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0018.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001b.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001d.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0020.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0021.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0022.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0024.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0026.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0027.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData002a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0039.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData003e.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0045.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0046.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0047.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0049.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004b.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004c.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004e.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0414.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0416.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0816.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData081a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0c1a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Nlsdl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsLexicons0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\normaliz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\npmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nslookup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntasn1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntlanman.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntlanui2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntmarta.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntprint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\objsel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ocsetapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcad32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcbcp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccu32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcji32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcjt32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbctrac.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oddbse32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odexl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odfox32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odpdx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odtext32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OEMLicense.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ogldrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacchooks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olecli32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oledlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleprn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olesvr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olethk32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\onex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\onexui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OobeFldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpcServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\openfiles.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\opengl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenWith.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\osbaseln.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\osk.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OskSupport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\osuninst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\P2P.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\P2PGraph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\p2pnetsh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PackageStateRoaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\panmap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PasswordOnWakeSettingFlyout.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PATHPING.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pautoenr.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pcacli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pcaui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pcaui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPKsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdhui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfctrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfdisk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\photowiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PickerHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PING.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PkgMgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pla.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\playlistfolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlaySndSrv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToStatusProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pnrpnsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\polstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceClassExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceConnectApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceStatus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceWiaCompat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceWMDRM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pots.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powrprof.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\prevhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\print.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\printui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\printui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\prncache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\prnfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\prnntfy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\prntvpt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\profapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\profext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\propsys.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\proquota.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\provcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\provsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\provthrd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommonPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityRtapiPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\prvdmofcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\psapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\psisdecd.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\psisrndr.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PSModuleDiscoveryProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\psr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pstorec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\QAGENT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\QCLIPROV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qdv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qmgrprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\QSHVHOST.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\QSVRMGMT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Query.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\QUTIL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qwave.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RacEngn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\racpldlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\radardt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\radarrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RADCUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasadhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasautou.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rascfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\raschap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\raschapext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasctrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdial.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\raserver.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasman.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasmontr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasmxs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasphone.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasplap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasppp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastlsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpendp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSa.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaProxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaPs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaUacHelper.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdrleakdiag.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvidcrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvvmtransport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\recover.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\reg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RegCtrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regedt32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regini.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Register-CimProvider.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regsvr32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReInfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rekeywiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\remotepg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\remotesp.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoveDeviceContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoveDeviceElevated.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\replace.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\resmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RestoreOptIn.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\resutils.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rgb9rast.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Ribbons.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\riched20.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\riched32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_isv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_ssp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RmClient.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rnr20.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Robocopy.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ROUTE.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpchttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcNs4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcnsh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcPing.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcRtRemote.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rsaenh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rshx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RstrtMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rtffilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rtm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rtutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\runas.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rundll32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RunLegacyCPLElevated.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\runonce.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\samcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sas.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sbeio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scansetting.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SCardDlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scecli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schedcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schtasks.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scripto.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scrnsave.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scrobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scrrun.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdchange.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiageng.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiagnhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiagprv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SecEdit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\secinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_isv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_ssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_ssp_isv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\serialui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\serwvdrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sethc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingMonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setup16.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupcln.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sfc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sfc_os.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shfolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shgina.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shimgvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shlwapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shpafact.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shrpubw.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shunimpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shutdown.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shwebsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\signdrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SimAuth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SimCfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sisbkup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SkyDriveShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\slpts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SmartScreenSettings.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SMBHelperClass.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVol.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\snmpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\softkbd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\softpub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sort.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SortServer2003Compat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SortWindows61.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SortWindows6Compat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spbcd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spfileq.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SPInf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spopk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spwinsat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spwizeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlcecompact40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlceoledb40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlceqp40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlcese40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlsrv32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\srchadmin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SRH.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\srumapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\srumsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\srvcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ssdpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SSShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ssText3d.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Startupscan.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sti.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StorageContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi_passthru.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Storprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\subst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\svchost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxshared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxsstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxstrace.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\synceng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncHostps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncInfrastructure.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncInfrastructureps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SynCom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Syncreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\syncui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sysdm.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\syskey.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sysmon.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\syssetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemEventsBrokerClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\systeminfo.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\systray.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\t2embed.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\takeown.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapiperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiUnattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskeng.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskkill.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tasklist.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Taskmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskschd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TaskSchdPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tbs.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcmsetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpmib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpmonui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TCPSVCS.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\telephon.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\termmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\threadpoolwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\thumbcache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ThumbnailExtractionHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeBrokerClient.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\timedate.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeDateMUICallback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\timeout.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tlscsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tpmcompc.dll:$CmdTcID [64]
|
|
20.04.2016, 03:48
| #5 |
| | Spam - Mails mit meinem Absender an mein AdressbuchCode:
ATTFilter AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmInit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TRACERT.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\traffic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tree.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsbyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSChannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSTheme.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsAuth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsCfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tvratings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\txflog.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\txfw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tzutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ucmhc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\udhisapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uexfat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ufat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uicom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uireng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ulib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\umdmxfrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdmat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uniplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unlodctr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unregmp2.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\upnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\upnpcont.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\upnphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ureg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usbceip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usbperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usbui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountControlSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountControlSettings.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\userenv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\userinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\userinitext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguageProfileCallback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ustprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\utildll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Utilman.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uudf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UXInit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uxlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uxtheme.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VAN.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Vault.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vaultcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VBICodec.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbisurf.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vdmdbg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vds_ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\verclsid.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\verifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\verifier.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\version.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vfwwdm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vidcap.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\virtdisk.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vpnikeapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VscMgrPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vssadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vsstrace.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vss_ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\w32tm.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\w32topl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WABSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\waitfor.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wavemsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wbemcomn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WcnApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WcsPlugInService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdmaud.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webservices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Websocket.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wecapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wecutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\werdiagcontroller.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFault.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFaultSecure.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wermgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\werui.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtfwd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfapigp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WfHC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\where.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\whhelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\whoami.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiaacmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiaaut.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiadefui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiadss.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiascanprofiles.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiatrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wimgapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winbio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winbrand.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincredprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Background.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Background.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Portable.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Printers.Extensions.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.Fontgroups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.SpeechSynthesis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.Compression.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Profile.HardwareId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.RemoteDesktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\windowslivelogin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinFax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininitext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Winlangdb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmmbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinMsoIrmProtector.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winnsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinOpcIrmProtector.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrnr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrs.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrscmd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrshost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrssrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSATAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winshfhc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winsku.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winsockhc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WINSRPC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winsta.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSyncMetastore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSyncProviders.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winusb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winver.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wisp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wkscli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wkspbrokerAx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wksprtPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WLanConn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlandlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanext.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlangpui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlaninst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WlanMM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanmsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanpref.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wldap32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlgpclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidfdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidnsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WlS0WndH.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMASF.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmcodecdspps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdmlog.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdmps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmiclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmidcom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmidx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmiprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmitomi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMNetMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WmpDui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmsgapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVCORE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmvdspa.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wow32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wowreg32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShextAutoplay.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShServiceObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDSp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\write.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2help.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscisvif.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscript.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSDApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsdchngr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshbth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshcon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wship6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshirda.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshom.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshqos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSHTCPIP.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsmplpxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsmprovhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsnmp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsock32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSTPager.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wtsapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wusa.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wwapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xcopy.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XInput1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XInput9_1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xmlfilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xmllite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xmlprovi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsFilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsGdiConverter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsPrint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsRasterService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsservices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XPSSHHDR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpssvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwizards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwtpdui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwtpw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\acpi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\agilevpn.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\appid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bridge.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\browserMon.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthenum.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthhfenum.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthpan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BTHUSB.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\CFRMD.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\DDDriver64Dcsa.sys:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\DellProf.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\disk.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\drmk.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\drmkaud.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fltMgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fsdepends.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidbth.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mpsdrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mslldp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndiscap.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\NdisImPlatform.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndistapi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndproxy.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Ndu.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\netbios.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\netio.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\netvsc63.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nsiproxy.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pacer.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\qwavedrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rasacd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rasl2tp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rassstp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdpvideominiport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\refs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rfcomm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rmcast.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rootmdm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\scfilter.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\swenum.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SynTP.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tbs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\TsUsbGD.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UCX01000.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\udfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbcir.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbehci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbhub.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBHUB3.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbohci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBSTOR.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbuhci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbvideo.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBXHCI.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmcl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmstorfl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\volsnap.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wanarp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdBoot.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdFilter.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdNisDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wimmount.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wpcfltr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFPf.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFRd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Desktop\12522962_10153973378988397_8495080215363569311_n.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\(Ghost) Riders In The Sky (Instrumental) Johnny Cash Cover.mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\(Ghost) Riders In The Sky (Instrumental) Johnny Cash Cover.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\03. Niggaz 4 Life (1).mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\09, Real Niggaz.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\10022013121.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\10022013122.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\10022013123.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\10406489_751444694945707_2351825098231273560_n.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\10599408_603713349730786_8167908917899286016_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\11042191_856791301060381_1896024161_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\11312624_900364740036370_7501947428853969037_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\11334342_900364833369694_638369278_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\11420154_940680132638122_1265323655_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\13866161251880.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20070401.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\2012 08 Foto1.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\2012 08 Foto2.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\2014-1190659.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20140702_221640.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20140702_224325.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20140704_192401.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20140704_192407.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20140704_202536.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150121_090143.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150122_181825.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150122_181834.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150122_181857.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150122_181859.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150123_150513.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150123_150521.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150123_150544.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150215_173511.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150215_174837.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150215_174850.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150215_174902.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_085853 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_085853.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_130541 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_130541.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_130549 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_130549.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_130555 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_130555.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150224_130627.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150415_095700.jpg:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\20150415_095700.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\20150730_53_150729_PFERDEWO_PWHP_020000_4_01.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\20150730_53_150729_PFERDEWO_PWHP_020000_4_01.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\2016-0782_2016-02-15__708.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\2016-0782_2016-02-15__708.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\32754_1600x1200-wallpaper-cb1322759774.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\4390269_Rechnung.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\5kplayer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\5kplayer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\6571507.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\6571507.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\A Letter from Pat Parelli.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\AA28561775.PDF:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\AA49623398 (1).PDF:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\AA49623398.PDF:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Ablaufplan Ri. + Ausb. (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Ablaufplan Ri. + Ausb..pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\AGB.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Anmeldung_draussenzeit_2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226101228.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226102236.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226102322.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226102355.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226102600.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226102919.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226103007.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226103202.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226103252.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226103328.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226103550.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226104012.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226104016.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226104041.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226104051.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150226104120.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150413150407.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725191606.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725191606.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725191842.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725191842.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725191915.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725191915.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725191944.zip:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725191944.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192026.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192026.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192113.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192113.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192136.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192136.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192149.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192149.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192213.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192213.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192407.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192608.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192608.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192703.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725192703.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725193427.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150725193427.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\attachments_20150921112956.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\AUS S Doppellonge Gehrmann 11.3.2015 Adelheidsdorf.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\BauanleitungWEBA101.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\BauanleitungWEBA101.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Beurteilung der Pferdes.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\bild.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\BUN60427.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\BYAFFTD.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\BYAFFTD.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\CAV-Schermotive-Jana-Wenzel-Bilder-131_b (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\CAV-Schermotive-Jana-Wenzel-Bilder-131_b.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Cavallo (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Cavallo.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\cav_installer_5951_60.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\cav_installer_5951_60.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ccsetup506.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\ccsetup506.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ccsetup507.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\ccsetup507.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\certificate.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\certificate.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ClassicShellSetup_4_2_1.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\ClassicShellSetup_4_2_1.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Comodo Antivirus - CHIP-Installer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Comodo Antivirus - CHIP-Installer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Cremello Longe.avi:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\Cremello Longe.avi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Datenblatt Magnocell.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Datenblatt Magnolythe S100 (4).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Datenblatt Magnolythe S100 (5).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Datenblatt Magnolythe S100(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Datenblatt Magnolythe S100(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Datenblatt Magnoturbo.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Datenblatt Magnoturbo.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Datenblatt Plantagines.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Der_Hufmechanismus.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Der_Hufmechanismus.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DHLreturn_6215473711 (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DHLreturn_6215473711.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DHL_label_2015-3-2_10-30-16.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DHL_label_2015-3-2_10-51-46.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DHL_label_2015-3-4_12-0-16.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DHL_label_2015-3-4_12-2-7.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DSC05594.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DSC05595.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DSC05596.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DSC05597.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DSC05598.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DSC05601.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DSC_0249.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\DSC_3529.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\D_15_10_13_Analgesie_beim_Pferd.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\D_15_10_13_Analgesie_beim_Pferd.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Einhorn.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ElsterFormular-16.1.20150424p (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\ElsterFormular-16.1.20150424p (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ElsterFormular-16.1.20150424p.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\ElsterFormular-16.1.20150424p.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Ergebnisse_Altefeld_2013.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Ergebnisse_Altefeld_2013.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\erster-Galopp-quali-fb.mp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\facebook-100008889309795.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Fehr von und zu Hone-Piepeln Ende.odt:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\Fehr von und zu Hone-Piepeln Ende.odt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Firefox Setup Stub 38.0.5.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Firefox Setup Stub 38.0.5.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\flash188 (1).zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\flashplayer18_ga_install.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\flashplayer18_ga_install.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Floating-Boots-Hufschuhe.ibooks:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\FLT_ORHBST27200_0.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\FLT_OZZRZ414366_0.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\FLT_S12K4L5809_0.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\FLT_S12K4L5809_0.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\FLT_ZTBNSW14534_0.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\FLT_ZTBNSW14534_0.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\FRST64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Gebrauchsanleitung Magnovital.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\gk417627_rueckmeldung_zum_sose_2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\GoogleEarthSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\GoogleEarthSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\GoProStudioPC-2.5.7.549.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\GoProStudioPC-2.5.7.549.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\***0.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\***0.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Helmtest (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Helmtest.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\HUFCHECK_Widerrufsformular_150321.pdf.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Hufkurs Tina 2015 (1).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Hufkurs Tina 2015.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (1).jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (2).jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (2).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (3).jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (3).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (4).jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (5).jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image (6).jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image.jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\image.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_1134.MOV:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_2567 (1).MOV:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_5730.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_5732.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_5734.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_5738.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_5741.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_5743.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\IMG_5745.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\install_flashplayer16x32au_chra_dy_aaa_aih.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\install_flashplayer16x32au_chra_dy_aaa_aih.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Jastin (2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Kontoauszug_***_Nr_2015_003_per_2015_03_03.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Kontoauszug_***_Nr_2015_004_per_2015_04_02.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\KV *** Touran.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\KV *** Touran.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\longenkurs_neu (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\longenkurs_neu.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Lucky.odt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Löwenzahn 1.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\MediaMonkey_4.1.7.1741.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\MediaMonkey_4.1.7.1741.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\mewithoutyou.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ *** - über die Reiterhand.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Mietvertrag mit Zahlungsmöglichk eiten (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Mietvertrag mit Zahlungsmöglichk eiten.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Muster-Widerrufsformular.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Natur des Guten.doc:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\Natur des Guten.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Normen-8-ProdSV.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\note.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\OpenOffice - CHIP-Installer(1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\OpenOffice - CHIP-Installer(1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\OpenOffice - CHIP-Installer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\OpenOffice - CHIP-Installer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Pat_Parelli_7_Secrets.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\Pat_Parelli_7_Secrets.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Preisliste Deckblatt_AGB_Warengruppen_Handwerker.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Preisliste Hippomed 2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Preisliste_11_2014.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Produktblatt_Air-One.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\radiantsetup19167446d.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\radiantsetup19167446d.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Rechnung ****.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Rechnung56988 (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Rechnung56988.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Rechnung_Bambi_November_2014.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Rechnung_Nr_3988 (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Reflektion 01.doc:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\Reflektion 01.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\RF 2014-1190659 (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\RF 2014-1190659 (2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\RF 2014-1190659.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\scan0011.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\schneesturm.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Screenshot_2014-10-27-21-31-30.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\SEPA_B2C_HUFCHECK.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ServiceLogin:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ServiceLogin (1):$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\setup_Mein_CEWE_FOTOBUCH.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\setup_Mein_CEWE_FOTOBUCH.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\sonderdeklaration -berufshaftpflicht.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Soziologie.rar:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Soziologie.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Strohm_Preisliste_Handwerker_Stand_29.01.2016.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\Strohm_Preisliste_Handwerker_Stand_29.01.2016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Termine *** 2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Theorie Level 1 Teil 01 - Beziehung.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\THHpreis_Gewerbe.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Trab-fb-quali.mp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Trainingstipps Naturtrailpark Dülmen.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\trial_videodeluxe2015_dlm (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\trial_videodeluxe2015_dlm (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\trial_videodeluxe2015_dlm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\trial_videodeluxe2015_dlm.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\TTIP_FiRe_REIMON.pdf.gpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\vcredist_x86.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\vcredist_x86.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Vettec Seminar (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Vettec Seminar.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\VID-20150720-WA0000.3gp:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\VID-20150720-WA0000.3gp:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\VID-20150720-WA0000.3gp.part:$CmdTcID [130]
AlternateDataStreams: C:\Users\Mel\Downloads\Viehtransporter-KR-T-1993.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Vorschau 2015 Kurzfassung.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\WISOSteuersoftware2016.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Mel\Downloads\WISOSteuersoftware2016.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\WP_000073.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ZE EQ Bodenarbeit Mai 2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\ZE Vielseitiges Modell Mai 2016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Zeiteinteilung Reitkurs Mai (1).xls:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Zeiteinteilung Reitkurs Mai (2).xls:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Zeiteinteilung Reitkurs Mai (3).xls:$CmdZnID [26]
AlternateDataStreams: C:\Users\Mel\Downloads\Zeiteinteilung Reitkurs Mai.xls:$CmdZnID [26]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2016-04-08 01:31 - 00000865 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 20.04.2016 Suchlaufzeit: 03:13 Protokolldatei: ScanLog Malwarebytes.txt Administrator: Ja Version: 2.2.1.1043 Malware-Datenbank: v2016.04.20.01 Rootkit-Datenbank: v2016.04.17.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Mel Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 393029 Abgelaufene Zeit: 25 Min., 36 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 22 PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, , [e52c248dcfca1026277caf3d60a27a86], PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, , [e52c248dcfca1026277caf3d60a27a86], PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, , [e52c248dcfca1026277caf3d60a27a86], PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, , [e52c248dcfca1026277caf3d60a27a86], PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, , [e52c248dcfca1026277caf3d60a27a86], PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, , [e52c248dcfca1026277caf3d60a27a86], PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, , [e52c248dcfca1026277caf3d60a27a86], PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, , [e52c248dcfca1026277caf3d60a27a86], PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, , [e52c248dcfca1026277caf3d60a27a86], PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, , [e52c248dcfca1026277caf3d60a27a86], PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, , [e52c248dcfca1026277caf3d60a27a86], PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, , [e52c248dcfca1026277caf3d60a27a86], PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, , [67aa238e4a4f9e982b787b0e64a02fd1], PUP.Optional.SuperOptimizer, HKLM\SOFTWARE\WOW6432NODE\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [809119985d3cd1652b57f45608fcd12f], PUP.Optional.SuperOptimizer, HKLM\SOFTWARE\WOW6432NODE\{6791A2F3-FC80-475C-A002-C014AF797E9C}, , [cb46e3ce2e6b7fb7b7cc242628dc16ea], PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, , [aa67d4dd9ffab97d0b98a0e94db7e51b], PUP.Optional.InstallCore, HKU\S-1-5-21-3436712697-1915681797-834199881-1001\SOFTWARE\InstallCore, , [977a238ef6a3e84ea99675bb0301936d], PUP.Optional.SuperOptimizer, HKU\S-1-5-21-3436712697-1915681797-834199881-1001\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [e8297b3605943600324c1a30788c48b8], PUP.Optional.OptimizerPro, HKU\S-1-5-21-3436712697-1915681797-834199881-1001\SOFTWARE\OPTIMIZER PRO, , [769bfdb4623745f15973be7dbd47e11f], PUP.Optional.WebSaver, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{ea896dda-28ab-40bd-9a59-68fde8d68196}, , [29e83180b4e590a66a0d291cc1443dc3], PUP.Optional.WebSaver, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{EA896DDA-28AB-40BD-9A59-68FDE8D68196}, , [29e83180b4e590a66a0d291cc1443dc3], PUP.Optional.WebSaver, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{EA896DDA-28AB-40BD-9A59-68FDE8D68196}, , [29e83180b4e590a66a0d291cc1443dc3], Registrierungswerte: 4 PUP.Optional.OptimizerPro, HKU\S-1-5-21-3436712697-1915681797-834199881-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Optimizer Pro, C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe, , [e52c773a9900162068c5db769869916f] PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [67aa238e4a4f9e982b787b0e64a02fd1] PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [aa67d4dd9ffab97d0b98a0e94db7e51b] PUP.Optional.OptimizerPro, HKU\S-1-5-21-3436712697-1915681797-834199881-1001\SOFTWARE\OPTIMIZER PRO|AdsBuyNowURL, hxxp://www.safeshopgate.com/r?s=121000601&g=B616E7BB-76C0-070C-D876-A39453E304E8, , [769bfdb4623745f15973be7dbd47e11f] Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 105 PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gghkfhpblkcmlkmpcpgaajbbiikbhpdi\222, , [878ad9d81d7c2c0a03d62513da2a6d93], PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gghkfhpblkcmlkmpcpgaajbbiikbhpdi, , [878ad9d81d7c2c0a03d62513da2a6d93], PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgaofoblihpmholkpioedjelemgjpafl\109, , [69a8535ee9b0af8706d3f24621e3ba46], PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgaofoblihpmholkpioedjelemgjpafl, , [69a8535ee9b0af8706d3f24621e3ba46], PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfbchidonfnclempkcojlpijhmoalhi\223, , [6fa2f1c0b1e8b28439a0fd3b2fd556aa], PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfbchidonfnclempkcojlpijhmoalhi, , [6fa2f1c0b1e8b28439a0fd3b2fd556aa], PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime\124, , [5ab7fdb4b5e40036e3f6c573d03440c0], PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime, , [5ab7fdb4b5e40036e3f6c573d03440c0], PUP.Optional.WebSaver, C:\ProgramData\websaver, , [0b063a770b8e0c2a2fe3bc96d82ca25e], PUP.Optional.OptimizerPro, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2, , [f12002afe1b8063080131906729143bd], PUP.Optional.WildWestCoupon, C:\ProgramData\WildWestCoupon, , [ba57c8e95e3ba294407021091be8718f], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ar, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\bg, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ca, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\cs, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\da, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\de, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\el, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\en_GB, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\en_US, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\es, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\es_419, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\et, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\fi, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\fil, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\fr, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\he, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\hi, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\hu, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\id, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\it, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ja, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ko, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\lt, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\lv, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ms, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\nl, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\no, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\pl, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\pt_BR, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\pt_PT, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ro, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ru, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\sk, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\sl, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\sr, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\sv, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\th, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\tr, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\uk, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\vi, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\zh_CN, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\zh_TW, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_metadata, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmimocjjppdelmhpcmpkhekmpoddgima\172, , [b55c5b56c5d4b680d083006a0302da26], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmimocjjppdelmhpcmpkhekmpoddgima, , [b55c5b56c5d4b680d083006a0302da26], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\css, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\html, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\bg, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ca, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\cs, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\da, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\de, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\el, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en_GB, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es_419, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\et, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fi, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fil, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fr, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hi, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hr, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hu, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\id, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\it, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ja, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ko, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lt, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lv, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nb, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nl, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pl, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_BR, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_PT, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ro, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ru, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sk, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sl, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sr, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sv, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\th, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\tr, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\uk, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\vi, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_CN, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_TW, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda, , [ec251b96b6e370c69fb49ad032d3df21], Dateien: 141 PUP.Optional.OptimizerPro, C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe, , [e52c773a9900162068c5db769869916f], PUP.Optional.MultiPlug, C:\ProgramData\websaver\DeEkJlymaO0SDY.tlb, , [e52c248dcfca1026277caf3d60a27a86], PUP.Optional.Amonetize, C:\ProgramData\Comodo\Cis\Quarantine\data\{0402791E-7CE6-4256-870D-75DAC1E16880}, , [2be6426f1089d2641e8372c77c86a957], PUP.Optional.MultiPlug, C:\ProgramData\Comodo\Cis\Quarantine\data\{3B84F588-8F97-475A-A5F2-5C3167BA5C92}, , [030e8f220e8bf93de4e6815f49b836ca], PUP.Optional.MultiPlug.UNS, C:\ProgramData\Comodo\Cis\Quarantine\data\{6ABE84C2-19AF-49EE-998F-723C8B3357E5}, , [769b4c65d1c853e3c87b199957abfa06], PUP.Optional.OptimizerPro, C:\ProgramData\Comodo\Cis\Quarantine\data\{8DA61F36-36B9-4597-B525-8470E2DC6DE8}, , [8e83b8f90a8f40f66230239dcf31c739], PUP.Optional.MultiPlug, C:\ProgramData\Comodo\Cis\Quarantine\data\{9F0128BA-57A2-4246-8FE4-3B99E80058ED}, , [d43d9f12c8d169cd85f8dd08857b926e], PUP.Optional.OptimizerPro, C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe, , [8f82347dc5d4c373121b71e0a25fea16], PUP.Optional.OptimizerPro, C:\Program Files (x86)\Optimizer Pro\OptProSchedule.exe, , [fa17159cf9a0280eaee5e6da60a0f40c], PUP.Optional.OptimizerPro, C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe, , [e031624f7821e4525e361ba518e842be], PUP.Optional.OptimizerPro, C:\Program Files (x86)\Optimizer Pro\OptProStart.exe, , [a66b8e23227794a2d35a5cf52ad750b0], PUP.Optional.OptimizerPro, C:\Program Files (x86)\Optimizer Pro\OptProUninstaller.exe, , [bc553e73adecb87e4ae2df72fa079a66], PUP.Optional.DownloadGuide, C:\Users\Mel\Downloads\vbcsetup_CB-DL-Manager.exe, , [dd34a70a8613b680c9610f3fe21fc63a], PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gghkfhpblkcmlkmpcpgaajbbiikbhpdi\222\lsdb.js, , [878ad9d81d7c2c0a03d62513da2a6d93], PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gghkfhpblkcmlkmpcpgaajbbiikbhpdi\222\background.html, , [878ad9d81d7c2c0a03d62513da2a6d93], PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gghkfhpblkcmlkmpcpgaajbbiikbhpdi\222\content.js, , [878ad9d81d7c2c0a03d62513da2a6d93], PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gghkfhpblkcmlkmpcpgaajbbiikbhpdi\222\manifest.json, , [878ad9d81d7c2c0a03d62513da2a6d93], PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgaofoblihpmholkpioedjelemgjpafl\109\lsdb.js, , [69a8535ee9b0af8706d3f24621e3ba46], PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgaofoblihpmholkpioedjelemgjpafl\109\background.html, , [69a8535ee9b0af8706d3f24621e3ba46], PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgaofoblihpmholkpioedjelemgjpafl\109\content.js, , [69a8535ee9b0af8706d3f24621e3ba46], PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgaofoblihpmholkpioedjelemgjpafl\109\manifest.json, , [69a8535ee9b0af8706d3f24621e3ba46], PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfbchidonfnclempkcojlpijhmoalhi\223\lsdb.js, , [6fa2f1c0b1e8b28439a0fd3b2fd556aa], PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfbchidonfnclempkcojlpijhmoalhi\223\background.html, , [6fa2f1c0b1e8b28439a0fd3b2fd556aa], PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfbchidonfnclempkcojlpijhmoalhi\223\BX.js, , [6fa2f1c0b1e8b28439a0fd3b2fd556aa], PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfbchidonfnclempkcojlpijhmoalhi\223\content.js, , [6fa2f1c0b1e8b28439a0fd3b2fd556aa], PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfbchidonfnclempkcojlpijhmoalhi\223\manifest.json, , [6fa2f1c0b1e8b28439a0fd3b2fd556aa], PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfbchidonfnclempkcojlpijhmoalhi\223\mQB.js, , [6fa2f1c0b1e8b28439a0fd3b2fd556aa], PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime\124\lsdb.js, , [5ab7fdb4b5e40036e3f6c573d03440c0], PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime\124\background.html, , [5ab7fdb4b5e40036e3f6c573d03440c0], PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime\124\content.js, , [5ab7fdb4b5e40036e3f6c573d03440c0], PUP.Optional.MultiPlug, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime\124\manifest.json, , [5ab7fdb4b5e40036e3f6c573d03440c0], PUP.Optional.WebSaver, C:\ProgramData\websaver\DeEkJlymaO0SDY.dat, , [0b063a770b8e0c2a2fe3bc96d82ca25e], PUP.Optional.OptimizerPro, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Hilfe.lnk, , [f12002afe1b8063080131906729143bd], PUP.Optional.OptimizerPro, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Nach Updates suchen.lnk, , [f12002afe1b8063080131906729143bd], PUP.Optional.OptimizerPro, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro entfernen.lnk, , [f12002afe1b8063080131906729143bd], PUP.Optional.OptimizerPro, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro im Internet.lnk, , [f12002afe1b8063080131906729143bd], PUP.Optional.OptimizerPro, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro.lnk, , [f12002afe1b8063080131906729143bd], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\manifest.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\icon_128.png, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\icon_16.png, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\main.html, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\main.js, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ar\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\bg\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ca\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\cs\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\da\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\de\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\el\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\en_GB\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\en_US\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\es\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\es_419\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\et\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\fi\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\fil\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\fr\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\he\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\hi\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\hu\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\id\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\it\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ja\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ko\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\lt\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\lv\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ms\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\nl\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\no\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\pl\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\pt_BR\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\pt_PT\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ro\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\ru\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\sk\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\sl\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\sr\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\sv\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\th\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\tr\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\uk\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\vi\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\zh_CN\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_locales\zh_TW\messages.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\_metadata\verified_contents.json, , [2be611a0128776c0114270faba4b36ca], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmimocjjppdelmhpcmpkhekmpoddgima\172\manifest.json, , [b55c5b56c5d4b680d083006a0302da26], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmimocjjppdelmhpcmpkhekmpoddgima\172\background.html, , [b55c5b56c5d4b680d083006a0302da26], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmimocjjppdelmhpcmpkhekmpoddgima\172\content.js, , [b55c5b56c5d4b680d083006a0302da26], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\manifest.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\craw_background.js, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\craw_window.js, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\css\craw_window.css, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\html\craw_window.html, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\flapper.gif, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\icon_128.png, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\icon_16.png, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button.png, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_close.png, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_hover.png, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_maximize.png, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_pressed.png, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\bg\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ca\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\cs\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\da\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\de\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\el\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en_GB\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es_419\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\et\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fi\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fil\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fr\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hi\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hr\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hu\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\id\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\it\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ja\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ko\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lt\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lv\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nb\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nl\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pl\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_BR\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_PT\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ro\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ru\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sk\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sl\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sr\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sv\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\th\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\tr\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\uk\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\vi\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_CN\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], PUP.Optional.HijackModifiedExtension, C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_TW\messages.json, , [ec251b96b6e370c69fb49ad032d3df21], Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) |
|
20.04.2016, 12:11
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Spam - Mails mit meinem Absender an mein Adressbuch Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ --> Spam - Mails mit meinem Absender an mein Adressbuch |
|
20.04.2016, 21:20
| #7 |
| | Spam - Mails mit meinem Absender an mein Adressbuch Der Scan von MBAR sagt: Congratulations, no malware found! Kein Cleanup notwendig. In Ermangelung eines entsprechenden logfiles: und jetzt? Danke für deine Unterstützung, cosinus!! |
|
20.04.2016, 21:38
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Spam - Mails mit meinem Absender an mein Adressbuch Bitte poste das Log wie in der Anleitung beschrieben.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
20.04.2016, 22:47
| #9 |
| | Spam - Mails mit meinem Absender an mein AdressbuchCode:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
Database version:
main: v2016.04.20.05
rootkit: v2016.04.17.01
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18283
Mel :: MELLI [administrator]
20.04.2016 21:14:10
mbar-log-2016-04-20 (21-14-10).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 400737
Time elapsed: 34 minute(s), 34 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
|
21.04.2016, 09:53
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Spam - Mails mit meinem Absender an mein Adressbuch Adware/Junkware/Toolbars entfernen Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop! Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren! 1. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.04.2016, 02:34
| #11 |
| | Spam - Mails mit meinem Absender an mein AdressbuchCode:
ATTFilter # AdwCleaner v5.112 - Bericht erstellt am 22/04/2016 um 03:07:41
# Aktualisiert am 17/04/2016 von Xplode
# Datenbank : 2016-04-19.5 [Server]
# Betriebssystem : Windows 8.1 (X64)
# Benutzername : Mel - MELLI
# Gestartet von : C:\Users\Mel\Downloads\AdwCleaner_5.112.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
***** [ Ordner ] *****
[-] Ordner gelöscht : C:\Program Files\AdTrustMedia
[-] Ordner gelöscht : C:\Program Files (x86)\AdTrustMedia
[-] Ordner gelöscht : C:\Program Files (x86)\Optimizer Pro
[-] Ordner gelöscht : C:\ProgramData\AdTrustMedia
[-] Ordner gelöscht : C:\ProgramData\WildWestCoupon
[-] Ordner gelöscht : C:\ProgramData\5a0751f53cea4514
[-] Ordner gelöscht : C:\ProgramData\KiingCCoiUpoon
[-] Ordner gelöscht : C:\ProgramData\LucKyySHoppEr
[-] Ordner gelöscht : C:\ProgramData\RoyalCooupioN
[-] Ordner gelöscht : C:\ProgramData\TIIcTACoupon
[-] Ordner gelöscht : C:\ProgramData\topddeal
[-] Ordner gelöscht : C:\ProgramData\websaver
[#] Ordner gelöscht : C:\ProgramData\Application Data\AdTrustMedia
[#] Ordner gelöscht : C:\ProgramData\Application Data\WildWestCoupon
[#] Ordner gelöscht : C:\ProgramData\Application Data\5a0751f53cea4514
[#] Ordner gelöscht : C:\ProgramData\Application Data\KiingCCoiUpoon
[#] Ordner gelöscht : C:\ProgramData\Application Data\LucKyySHoppEr
[#] Ordner gelöscht : C:\ProgramData\Application Data\RoyalCooupioN
[#] Ordner gelöscht : C:\ProgramData\Application Data\TIIcTACoupon
[#] Ordner gelöscht : C:\ProgramData\Application Data\topddeal
[#] Ordner gelöscht : C:\ProgramData\Application Data\websaver
[-] Ordner gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdTrustMedia
[-] Ordner gelöscht : C:\Users\Mel\AppData\Local\AdTrustMedia
[-] Ordner gelöscht : C:\Users\Mel\AppData\Local\Comodo\Chromodo\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
[-] Ordner gelöscht : C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgaofoblihpmholkpioedjelemgjpafl
[-] Ordner gelöscht : C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
[-] Ordner gelöscht : C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gghkfhpblkcmlkmpcpgaajbbiikbhpdi
[#] Ordner gelöscht : C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgaofoblihpmholkpioedjelemgjpafl
[-] Ordner gelöscht : C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfbchidonfnclempkcojlpijhmoalhi
[-] Ordner gelöscht : C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime
[-] Ordner gelöscht : C:\Users\Mel\AppData\Roaming\AdTrustMedia
***** [ Dateien ] *****
[-] Datei gelöscht : C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\s8geii9f.default\invalidprefs.js
***** [ DLLs ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
[-] Wert gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}]
[-] Schlüssel gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
[-] Schlüssel gelöscht : HKCU\Software\Google\Chrome\Extensions\cmaiofennmphjldldcpphcechfnnohja
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\pc-mechanic
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
[-] Schlüssel gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
[-] Schlüssel gelöscht : HKCU\Software\InstallCore
[-] Schlüssel gelöscht : HKCU\Software\OCS
[-] Schlüssel gelöscht : HKCU\Software\Optimizer Pro
[-] Schlüssel gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
[-] Wert gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
[#] Wert gelöscht : HKU\S-1-5-21-3436712697-1915681797-834199881-1001\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
[-] Wert gelöscht : HKU\S-1-5-21-3436712697-1915681797-834199881-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Optimizer Pro]
***** [ Internetbrowser ] *****
*************************
:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [5545 Bytes] - [22/04/2016 03:07:41]
C:\AdwCleaner\AdwCleaner[S1].txt - [5856 Bytes] - [22/04/2016 03:02:32]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5691 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 8.1 x64
Ran by Mel (Administrator) on 22.04.2016 at 3:24:35,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 5
Successfully deleted: C:\ProgramData\Start Menu\Programs\optimizer pro v3.2 (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\ProgramData\LUckyCooUpoNo (Folder)
Successfully deleted: C:\WINDOWS\prefetch\FREEYOUTUBETOMP3CONVERTER.EXE-5ABF2D3D.pf (File)
Registry: 1
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\PrivDogService (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.04.2016 at 3:33:56,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
22.04.2016, 11:09
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Spam - Mails mit meinem Absender an mein Adressbuch Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.04.2016, 01:14
| #13 |
| | Spam - Mails mit meinem Absender an mein AdressbuchCode:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
durchgeführt von Mel (Administrator) auf MELLI (27-04-2016 02:04:53)
Gestartet von C:\Users\Mel\Downloads
Geladene Profile: Mel (Verfügbare Profile: Mel)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Ventis Media Inc.) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
() C:\Program Files (x86)\MediaMonkey\MediaMonkey64Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6842000 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-09-28] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [11229696 2012-09-18] (Dell Inc.)
HKLM\...\Run: [DellWPF] => C:\Program Files\Synaptics\SynTP\DellTouchpad.exe [5023984 2015-07-01] ()
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-04-13] (COMODO)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [164080 2015-06-30] (IvoSoft)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2796272 2015-07-01] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2016-02-09] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2016-02-09] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GoPro Studio Importer] => C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe [3218184 2015-12-07] (GoPro)
HKU\S-1-5-21-3436712697-1915681797-834199881-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-28] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [60688 2016-02-09] (Apple Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Keine Datei
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-06-27] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-06-27] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-02-28]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-08]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 213.228.128.156 213.228.128.6
Tcpip\..\Interfaces\{F4FB4CEC-014F-4D8F-A0FC-3E7B000991F7}: [DhcpNameServer] 213.228.128.156 213.228.128.6
Internet Explorer:
==================
HKU\S-1-5-21-3436712697-1915681797-834199881-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130892486228506907&GUID=D00FD029-311D-44C6-89EF-5EC74D2BD500
HKU\S-1-5-21-3436712697-1915681797-834199881-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKU\S-1-5-21-3436712697-1915681797-834199881-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-06-27] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-06-27] (IvoSoft)
BHO: Kein Name -> {ea896dda-28ab-40bd-9a59-68fde8d68196} -> Keine Datei
BHO: Kein Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Keine Datei
BHO: Kein Name -> {F2B34DA5-14AF-8CF9-FF1C-D4EEF61C0313} -> Keine Datei
BHO: PrivDog Extension -> {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} -> C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedads.dll => Keine Datei
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-06-27] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-06-27] (IvoSoft)
Toolbar: HKLM - Kein Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Keine Datei
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-06-27] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-06-27] (IvoSoft)
FireFox:
========
FF ProfilePath: C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\s8geii9f.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-09] ()
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-22] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3436712697-1915681797-834199881-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Mel\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-10] (Citrix Online)
FF Extension: ADB Helper - C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\s8geii9f.default\Extensions\adbhelper@mozilla.org [2016-02-13]
FF Extension: Valence - C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\s8geii9f.default\Extensions\fxdevtools-adapters@mozilla.org [2016-02-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nicht gefunden
Chrome:
=======
CHR dev: Chrome dev build erkannt! <======= ACHTUNG
CHR Profile: C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Store) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-17] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (Google Drive) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-02]
CHR Extension: (YouTube) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-02]
CHR Extension: (Google-Suche) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-17]
CHR Extension: (Full Screen) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmimocjjppdelmhpcmpkhekmpoddgima [2014-10-28] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (Google Wallet) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-17] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ACHTUNG
CHR Extension: (Google Mail) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-02]
Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Mel\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-03-08]
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 gpsvc; C:\Windows\System32\gpsvc.dll [1360896 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
R2 gpsvc; C:\Windows\System32\gpsvc.dll [1360896 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
R2 nsi; C:\Windows\System32\nsisvc.dll [28672 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [802816 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WinHttpAutoProxySvc; C:\WINDOWS\SysWOW64\winhttp.dll [631808 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [214528 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 ALG; C:\Windows\System32\alg.exe [96768 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [239616 2014-07-21] (AMD) [Datei ist nicht signiert]
U3 AppIDSvc; C:\Windows\System32\appidsvc.dll [39936 2015-09-09] (Microsoft Corporation) [Datei ist nicht signiert]
R3 Appinfo; C:\Windows\System32\appinfo.dll [110080 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-11-08] (Apple Inc.)
U3 AppReadiness; C:\Windows\system32\AppReadiness.dll [562688 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 AppXSvc; C:\Windows\system32\appxdeploymentserver.dll [1348096 2016-04-13] (Microsoft Corporation) [Datei ist nicht signiert]
U2 AudioEndpointBuilder; C:\Windows\System32\AudioEndpointBuilder.dll [230400 2015-05-30] (Microsoft Corporation) [Datei ist nicht signiert]
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [911360 2015-05-30] (Microsoft Corporation) [Datei ist nicht signiert]
U3 AxInstSV; C:\Windows\System32\AxInstSV.dll [111104 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
U3 BDESVC; C:\Windows\System32\bdesvc.dll [348672 2015-10-13] (Microsoft Corporation) [Datei ist nicht signiert]
U2 BFE; C:\Windows\System32\bfe.dll [845312 2016-04-13] (Microsoft Corporation) [Datei ist nicht signiert]
U3 BITS; C:\Windows\System32\qmgr.dll [933376 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 BrokerInfrastructure; C:\Windows\System32\bisrv.dll [270336 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 Browser; C:\Windows\System32\browser.dll [135168 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 bthserv; C:\Windows\system32\bthserv.dll [94720 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 CertPropSvc; C:\Windows\System32\certprop.dll [156160 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2304184 2016-04-08] (Comodo)
U2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5799552 2016-04-15] (COMODO)
U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-04-15] (COMODO)
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [131584 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [817664 2016-04-13] (Microsoft Corporation) [Datei ist nicht signiert]
U3 defragsvc; C:\Windows\System32\defragsvc.dll [524288 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-10-15] (Dell Inc.)
U2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-04-09] (Dell Inc.)
U2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-04-09] (Dell Inc.)
U2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [Datei ist nicht signiert]
U2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-09-11] (Dell Inc.)
U2 DeviceAssociationService; C:\Windows\system32\das.dll [407040 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 DeviceInstall; C:\Windows\system32\umpnpmgr.dll [116736 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 Dhcp; C:\Windows\system32\dhcpcore.dll [365056 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 Dhcp; C:\WINDOWS\SysWOW64\dhcpcore.dll [292864 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 DiagTrack; C:\Windows\system32\diagtrack.dll [1633792 2015-09-10] (Microsoft Corporation) [Datei ist nicht signiert]
U2 Dnscache; C:\Windows\System32\dnsrslvr.dll [252416 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 dot3svc; C:\Windows\System32\dot3svc.dll [262144 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 DPS; C:\Windows\system32\dps.dll [174080 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 DsmSvc; C:\Windows\System32\DeviceSetupManager.dll [206848 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 Eaphost; C:\Windows\System32\eapsvc.dll [110592 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 EFS; C:\Windows\system32\efssvc.dll [41472 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 EventLog; C:\Windows\System32\wevtsvc.dll [1696256 2015-05-12] (Microsoft Corporation) [Datei ist nicht signiert]
U2 EventSystem; C:\Windows\system32\es.dll [516608 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 EventSystem; C:\WINDOWS\SysWOW64\es.dll [367616 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 Fax; C:\Windows\system32\fxssvc.exe [658944 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 fdPHost; C:\Windows\system32\fdPHost.dll [22016 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 fhsvc; C:\Windows\system32\fhsvc.dll [121856 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 FontCache; C:\Windows\system32\FntCache.dll [1383936 2015-12-09] (Microsoft Corporation) [Datei ist nicht signiert]
U3 hidserv; C:\Windows\system32\hidserv.dll [33792 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 hidserv; C:\WINDOWS\SysWOW64\hidserv.dll [30720 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 hkmsvc; C:\Windows\system32\kmsvc.dll [101376 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [275968 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [445952 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 HomeGroupProvider; C:\WINDOWS\SysWOW64\provsvc.dll [366080 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [Datei ist nicht signiert]
U3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2014-10-31] (Microsoft Corporation) [Datei ist nicht signiert]
U2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
U2 IKEEXT; C:\Windows\System32\ikeext.dll [1083904 2016-04-13] (Microsoft Corporation) [Datei ist nicht signiert]
U2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [926208 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
U3 KeyIso; C:\Windows\system32\keyiso.dll [62464 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 KeyIso; C:\WINDOWS\SysWOW64\keyiso.dll [46592 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 KtmRm; C:\Windows\system32\msdtckrm.dll [373248 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 LanmanServer; C:\Windows\system32\srvsvc.dll [329216 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [289280 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 lfsvc; C:\Windows\System32\GeofenceMonitorService.dll [522240 2015-05-07] (Microsoft Corporation) [Datei ist nicht signiert]
U3 lfsvc; C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll [367104 2015-05-07] (Microsoft Corporation) [Datei ist nicht signiert]
U3 lltdsvc; C:\Windows\System32\lltdsvc.dll [279040 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 lmhosts; C:\Windows\System32\lmhsvc.dll [24576 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 LSM; C:\Windows\System32\lsm.dll [780800 2015-04-14] (Microsoft Corporation) [Datei ist nicht signiert]
U3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-04-08] (McAfee, Inc.)
U2 MMCSS; C:\Windows\system32\mmcss.dll [71168 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 MpsSvc; C:\Windows\system32\mpssvc.dll [880640 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 MSDTC; C:\Windows\System32\msdtc.exe [144384 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [151040 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
S3 msiserver; C:\Windows\System32\msiexec.exe [65024 2015-06-16] (Microsoft Corporation) [Datei ist nicht signiert]
S3 msiserver; C:\WINDOWS\SysWOW64\msiexec.exe [59904 2015-06-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 napagent; C:\Windows\system32\qagentRT.dll [446464 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 NcaSvc; C:\Windows\System32\ncasvc.dll [166400 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 NcbService; C:\Windows\System32\ncbservice.dll [154112 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 NcdAutoSetup; C:\Windows\System32\NcdAutoSetup.dll [74752 2015-10-13] (Microsoft Corporation) [Datei ist nicht signiert]
U3 Netlogon; C:\Windows\system32\netlogon.dll [839168 2016-03-09] (Microsoft Corporation) [Datei ist nicht signiert]
U3 Netlogon; C:\WINDOWS\SysWOW64\netlogon.dll [696320 2016-03-09] (Microsoft Corporation) [Datei ist nicht signiert]
U3 Netman; C:\Windows\System32\netman.dll [266752 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 netprofm; C:\Windows\System32\netprofmsvc.dll [550912 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 NlaSvc; C:\Windows\System32\nlasvc.dll [391680 2014-12-06] (Microsoft Corporation) [Datei ist nicht signiert]
U3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [380416 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 p2psvc; C:\Windows\system32\p2psvc.dll [440832 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 PcaSvc; C:\Windows\System32\pcasvc.dll [474112 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 PerfHost; C:\Windows\SysWow64\perfhost.exe [21504 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 pla; C:\Windows\system32\pla.dll [1526784 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 pla; C:\WINDOWS\SysWOW64\pla.dll [1534464 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 PlugPlay; C:\Windows\system32\umpnpmgr.dll [116736 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [26624 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [380416 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [397312 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 Power; C:\Windows\system32\umpo.dll [80384 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [2988544 2015-09-08] (Microsoft Corporation) [Datei ist nicht signiert]
U2 ProfSvc; C:\Windows\system32\profsvc.dll [228864 2015-09-10] (Microsoft Corporation) [Datei ist nicht signiert]
U3 QWAVE; C:\Windows\system32\qwave.dll [303104 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 QWAVE; C:\WINDOWS\SysWOW64\qwave.dll [261632 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
S3 RasAuto; C:\Windows\System32\rasauto.dll [102912 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
S3 RasMan; C:\Windows\System32\rasmans.dll [542208 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [226816 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
S4 RemoteAccess; C:\WINDOWS\SysWOW64\mprdim.dll [183296 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U4 RemoteRegistry; C:\Windows\system32\regsvc.dll [166400 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [80896 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 RpcLocator; C:\Windows\system32\locator.exe [10240 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
R2 RpcSs; C:\Windows\system32\rpcss.dll [817664 2016-04-13] (Microsoft Corporation) [Datei ist nicht signiert]
U2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-09-01] (Realtek Semiconductor)
U4 SCardSvr; C:\Windows\System32\SCardSvr.dll [194048 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [131072 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 Schedule; C:\Windows\system32\schedsvc.dll [1265152 2015-09-09] (Microsoft Corporation) [Datei ist nicht signiert]
U3 SCPolicySvc; C:\Windows\System32\certprop.dll [156160 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 seclogon; C:\Windows\system32\seclogon.dll [31744 2016-03-09] (Microsoft Corporation) [Datei ist nicht signiert]
R2 SENS; C:\Windows\System32\sens.dll [73728 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 SensrSvc; C:\Windows\system32\sensrsvc.dll [243200 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 SessionEnv; C:\Windows\system32\sessenv.dll [339968 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 SessionEnv; C:\WINDOWS\SysWOW64\sessenv.dll [296448 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS)
U3 SharedAccess; C:\Windows\System32\ipnathlp.dll [452608 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [640000 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 ShellHWDetection; C:\WINDOWS\SysWOW64\shsvcs.dll [576512 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 smphost; C:\Windows\System32\smphost.dll [13312 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 smphost; C:\WINDOWS\SysWOW64\smphost.dll [11776 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14848 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
R2 Spooler; C:\Windows\System32\spoolsv.exe [827392 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [249344 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 SstpSvc; C:\Windows\system32\sstpsvc.dll [142848 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 stisvc; C:\Windows\System32\wiaservc.dll [670720 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 StorSvc; C:\Windows\system32\storsvc.dll [20480 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 StorSvc; C:\WINDOWS\SysWOW64\storsvc.dll [17920 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-03-21] (Dell Inc.)
U3 svsvc; C:\Windows\system32\svsvc.dll [13312 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 swprv; C:\Windows\System32\swprv.dll [706048 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 SysMain; C:\Windows\system32\sysmain.dll [1217024 2015-08-12] (Microsoft Corporation) [Datei ist nicht signiert]
U2 SystemEventsBroker; C:\Windows\System32\SystemEventsBrokerServer.dll [294912 2015-05-12] (Microsoft Corporation) [Datei ist nicht signiert]
U3 TabletInputService; C:\Windows\System32\TabSvc.dll [154624 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 TapiSrv; C:\Windows\System32\tapisrv.dll [313344 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 TapiSrv; C:\WINDOWS\SysWOW64\tapisrv.dll [254464 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
S3 TermService; C:\Windows\System32\termsrv.dll [1114624 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
R2 Themes; C:\Windows\system32\themeservice.dll [59392 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 THREADORDER; C:\Windows\system32\mmcss.dll [71168 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 TimeBroker; C:\Windows\System32\TimeBrokerServer.dll [262656 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 TrkWks; C:\Windows\System32\trkwks.dll [124416 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [106496 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 UI0Detect; C:\Windows\system32\UI0Detect.exe [41984 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 UmRdpService; C:\Windows\System32\umrdp.dll [300032 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 upnphost; C:\Windows\System32\upnphost.dll [457728 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 upnphost; C:\WINDOWS\SysWOW64\upnphost.dll [331776 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 VaultSvc; C:\Windows\System32\vaultsvc.dll [260608 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 vds; C:\Windows\System32\vds.exe [1313792 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 vmicguestinterface; C:\Windows\System32\ICSvc.dll [524800 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 vmicheartbeat; C:\Windows\System32\ICSvc.dll [524800 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 vmickvpexchange; C:\Windows\System32\ICSvc.dll [524800 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 vmicrdv; C:\Windows\System32\ICSvc.dll [524800 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 vmicshutdown; C:\Windows\System32\ICSvc.dll [524800 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 vmictimesync; C:\Windows\System32\ICSvc.dll [524800 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 VSS; C:\Windows\system32\vssvc.exe [1455104 2016-04-13] (Microsoft Corporation) [Datei ist nicht signiert]
U3 W32Time; C:\Windows\system32\w32time.dll [411648 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 wbengine; C:\Windows\system32\wbengine.exe [1574912 2016-04-13] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [465920 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 Wcmsvc; C:\Windows\System32\wcmsvc.dll [374784 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 wcncsvc; C:\Windows\System32\wcncsvc.dll [465920 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [43520 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WcsPlugInService; C:\WINDOWS\SysWOW64\WcsPlugInService.dll [34304 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WdiServiceHost; C:\Windows\system32\wdi.dll [95744 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WdiServiceHost; C:\WINDOWS\SysWOW64\wdi.dll [84992 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WdiSystemHost; C:\Windows\system32\wdi.dll [95744 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WdiSystemHost; C:\WINDOWS\SysWOW64\wdi.dll [84992 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-08-12] (Microsoft Corporation)
U3 WebClient; C:\Windows\System32\webclnt.dll [228864 2015-08-12] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WebClient; C:\WINDOWS\SysWOW64\webclnt.dll [198656 2015-08-12] (Microsoft Corporation) [Datei ist nicht signiert]
U3 Wecsvc; C:\Windows\system32\wecsvc.dll [209408 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [26112 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84992 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WerSvc; C:\Windows\System32\WerSvc.dll [108544 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WiaRpc; C:\Windows\System32\wiarpc.dll [67584 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-08-12] (Microsoft Corporation)
U2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [230400 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WinRM; C:\Windows\system32\WsmSvc.dll [2609152 2016-04-13] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WinRM; C:\WINDOWS\SysWOW64\WsmSvc.dll [2170880 2016-04-13] (Microsoft Corporation) [Datei ist nicht signiert]
U2 WlanSvc; C:\Windows\System32\wlansvc.dll [1547264 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 wlidsvc; C:\Windows\system32\wlidsvc.dll [1639424 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6334464 2012-09-18] (Dell Inc.) [Datei ist nicht signiert]
U3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [201728 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1478144 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1673728 2016-04-13] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WPCSvc; C:\WINDOWS\SysWOW64\wpcsvc.dll [10240 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [86528 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 wscsvc; C:\Windows\System32\wscsvc.dll [146944 2016-03-09] (Microsoft Corporation) [Datei ist nicht signiert]
U2 WSearch; C:\Windows\system32\SearchIndexer.exe [903168 2015-06-30] (Microsoft Corporation) [Datei ist nicht signiert]
U2 WSearch; C:\WINDOWS\SysWOW64\SearchIndexer.exe [710144 2015-06-30] (Microsoft Corporation) [Datei ist nicht signiert]
U3 wuauserv; C:\Windows\system32\wuaueng.dll [3708416 2016-03-09] (Microsoft Corporation) [Datei ist nicht signiert]
U3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [104960 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WwanSvc; C:\Windows\System32\wwansvc.dll [513536 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U2 Privacy Content Firewall; "C:\Program Files\AdTrustMedia\PrivDog\3.0.108.0\PrivDogService.exe" [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
U3 1394ohci; C:\Windows\System32\drivers\1394ohci.sys [231424 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 acpipagr; C:\Windows\System32\drivers\acpipagr.sys [10240 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 AcpiPmi; C:\Windows\System32\drivers\acpipmi.sys [12288 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 acpitime; C:\Windows\System32\drivers\acpitime.sys [10752 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U1 admnfd; C:\WINDOWS\system32\Drivers\admnfd.sys [49496 2014-12-04] (Windows (R) Win 7 DDK provider)
U1 AFD; C:\Windows\system32\drivers\afd.sys [559616 2015-10-13] (Microsoft Corporation) [Datei ist nicht signiert]
U1 ahcache; C:\Windows\System32\DRIVERS\ahcache.sys [80384 2015-05-12] (Microsoft Corporation) [Datei ist nicht signiert]
U3 AmdK8; C:\Windows\System32\drivers\amdk8.sys [95744 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [13209088 2014-07-21] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
U3 amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [626688 2014-07-21] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
U0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)
U3 AmdPPM; C:\Windows\System32\drivers\amdppm.sys [98816 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 AppID; C:\Windows\system32\drivers\appid.sys [82944 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U1 BasicDisplay; C:\Windows\System32\drivers\BasicDisplay.sys [50688 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [33280 2014-09-24] (Microsoft Corporation) [Datei ist nicht signiert]
U3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
U3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6834760 2012-09-13] (Broadcom Corporation)
U3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [102912 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U1 browserMon; C:\Windows\System32\DRIVERS\browserMon.sys [20728 2015-03-09] (Windows (R) Win 7 DDK provider)
U3 BthAvrcpTg; C:\Windows\System32\drivers\BthAvrcpTg.sys [36992 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 BthEnum; C:\Windows\System32\drivers\BthEnum.sys [53248 2015-03-10] (Microsoft Corporation) [Datei ist nicht signiert]
U3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [57856 2015-05-12] (Microsoft Corporation) [Datei ist nicht signiert]
U3 bthhfhid; C:\Windows\System32\drivers\BthHFHid.sys [30720 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation) [Datei ist nicht signiert]
U3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [64000 2014-09-24] (Microsoft Corporation) [Datei ist nicht signiert]
U3 BthPan; C:\Windows\System32\drivers\bthpan.sys [118272 2015-09-10] (Microsoft Corporation) [Datei ist nicht signiert]
U3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [1201664 2015-05-11] (Microsoft Corporation) [Datei ist nicht signiert]
U3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [81920 2015-03-10] (Microsoft Corporation) [Datei ist nicht signiert]
U4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [88576 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U1 cdrom; C:\Windows\System32\drivers\cdrom.sys [164352 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2015-12-30] (Windows (R) Win 7 DDK provider)
U3 circlass; C:\Windows\System32\drivers\circlass.sys [44032 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 CmBatt; C:\Windows\System32\drivers\CmBatt.sys [25472 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [32224 2016-04-06] (COMODO)
U1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [846104 2016-04-06] (COMODO)
U1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [45600 2016-04-06] (COMODO)
U3 CompositeBus; C:\Windows\System32\drivers\CompositeBus.sys [36352 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 condrv; C:\Windows\System32\drivers\condrv.sys [43008 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-13] (Dell Computer Corporation)
U3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2016-03-21] (Dell Computer Corporation)
U3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.) [Datei ist nicht signiert]
U1 Dfsc; C:\Windows\System32\Drivers\dfsc.sys [134144 2014-09-24] (Microsoft Corporation) [Datei ist nicht signiert]
U3 dmvsc; C:\Windows\System32\drivers\dmvsc.sys [29696 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
U3 ErrDev; C:\Windows\System32\drivers\errdev.sys [10240 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 exfat; C:\Windows\System32\Drivers\exfat.sys [200704 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 fdc; C:\Windows\System32\drivers\fdc.sys [30720 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34816 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 flpydisk; C:\Windows\System32\drivers\flpydisk.sys [25088 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 FxPPM; C:\Windows\System32\drivers\fxppm.sys [27136 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 gencounter; C:\Windows\System32\drivers\vmgencounter.sys [11264 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 HDAudBus; C:\Windows\System32\drivers\HDAudBus.sys [76800 2014-09-24] (Microsoft Corporation) [Datei ist nicht signiert]
U3 HidBatt; C:\Windows\System32\drivers\HidBatt.sys [26624 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 HidBth; C:\Windows\System32\drivers\hidbth.sys [97792 2015-03-10] (Microsoft Corporation) [Datei ist nicht signiert]
U3 hidi2c; C:\Windows\System32\drivers\hidi2c.sys [41472 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 HidIr; C:\Windows\System32\drivers\hidir.sys [45568 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 HidUsb; C:\Windows\System32\drivers\hidusb.sys [33280 2014-09-24] (Microsoft Corporation) [Datei ist nicht signiert]
U3 hyperkbd; C:\Windows\System32\drivers\hyperkbd.sys [13824 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 HyperVideo; C:\Windows\system32\DRIVERS\HyperVideo.sys [22016 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 i8042prt; C:\Windows\System32\drivers\i8042prt.sys [108544 2014-11-04] (Microsoft Corporation) [Datei ist nicht signiert]
U1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [138560 2016-04-06] (COMODO)
U3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [342528 2012-06-19] (Intel(R) Corporation) [Datei ist nicht signiert]
U3 intelppm; C:\Windows\System32\drivers\intelppm.sys [98816 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [84992 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 IPMIDRV; C:\Windows\System32\drivers\IPMIDrv.sys [80896 2016-02-03] (Microsoft Corporation) [Datei ist nicht signiert]
U3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [142848 2014-09-24] (Microsoft Corporation) [Datei ist nicht signiert]
U3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 kbdhid; C:\Windows\System32\drivers\kbdhid.sys [32256 2014-11-04] (Microsoft Corporation) [Datei ist nicht signiert]
U3 kdnic; C:\Windows\system32\DRIVERS\kdnic.sys [19456 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [21248 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U2 lltdio; C:\Windows\system32\DRIVERS\lltdio.sys [59392 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U2 luafv; C:\Windows\system32\drivers\luafv.sys [124416 2014-09-24] (Microsoft Corporation) [Datei ist nicht signiert]
U3 Modem; C:\Windows\System32\drivers\modem.sys [40960 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 monitor; C:\Windows\System32\drivers\monitor.sys [30208 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 mouhid; C:\Windows\System32\drivers\mouhid.sys [30208 2014-11-04] (Microsoft Corporation) [Datei ist nicht signiert]
U3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [74240 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2016-02-09] (Microsoft Corporation) [Datei ist nicht signiert]
U3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [401920 2016-04-13] (Microsoft Corporation) [Datei ist nicht signiert]
U2 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [284672 2016-04-13] (Microsoft Corporation) [Datei ist nicht signiert]
U3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [201728 2016-04-13] (Microsoft Corporation) [Datei ist nicht signiert]
U3 MsBridge; C:\Windows\system32\DRIVERS\bridge.sys [115712 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 mshidumdf; C:\Windows\System32\drivers\mshidumdf.sys [9728 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 MSKSSRV; C:\Windows\system32\drivers\MSKSSRV.sys [10624 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 MsLldp; C:\Windows\system32\DRIVERS\mslldp.sys [66560 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 MSPCLOCK; C:\Windows\system32\drivers\MSPCLOCK.sys [7040 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 MSPQM; C:\Windows\system32\drivers\MSPQM.sys [6784 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 MSTEE; C:\Windows\system32\drivers\MSTEE.sys [7936 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 MTConfig; C:\Windows\System32\drivers\MTConfig.sys [13312 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U2 NativeWifiP; C:\Windows\system32\DRIVERS\nwifi.sys [445440 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 NdisCap; C:\Windows\system32\DRIVERS\ndiscap.sys [43008 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 NdisImPlatform; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 NdisTapi; C:\Windows\system32\DRIVERS\ndistapi.sys [24576 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 Ndisuio; C:\Windows\system32\DRIVERS\ndisuio.sys [60416 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 NdisWan; C:\Windows\system32\DRIVERS\ndiswan.sys [220672 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 NdisWanLegacy; C:\Windows\system32\DRIVERS\ndiswan.sys [220672 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U2 Ndu; C:\Windows\System32\drivers\Ndu.sys [103424 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [48128 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [282624 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 netvsc; C:\Windows\System32\drivers\netvsc63.sys [87040 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U1 npsvctrig; C:\Windows\System32\drivers\npsvctrig.sys [23040 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [39424 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U1 Null; C:\Windows\System32\Drivers\Null.sys [5632 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 Parport; C:\Windows\System32\drivers\parport.sys [94208 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [663040 2014-09-24] (Microsoft Corporation) [Datei ist nicht signiert]
U3 Processor; C:\Windows\System32\drivers\processr.sys [92160 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U1 Psched; C:\Windows\system32\DRIVERS\pacer.sys [151040 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [47104 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [17408 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 RasPppoe; C:\Windows\system32\DRIVERS\raspppoe.sys [84992 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [408576 2014-09-24] (Microsoft Corporation) [Datei ist nicht signiert]
U3 rdpbus; C:\Windows\System32\drivers\rdpbus.sys [22528 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [195584 2014-09-24] (Microsoft Corporation) [Datei ist nicht signiert]
U3 RFCOMM; C:\Windows\System32\drivers\rfcomm.sys [167424 2015-03-10] (Microsoft Corporation) [Datei ist nicht signiert]
U2 rspndr; C:\Windows\system32\DRIVERS\rspndr.sys [80384 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 RTL8168; C:\Windows\system32\DRIVERS\Rt630x64.sys [591360 2013-06-18] (Realtek ) [Datei ist nicht signiert]
U3 s3cap; C:\Windows\System32\drivers\vms3cap.sys [7168 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [40960 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 Serenum; C:\Windows\System32\drivers\serenum.sys [23040 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 Serial; C:\Windows\System32\drivers\serial.sys [83456 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 sermouse; C:\Windows\System32\drivers\sermouse.sys [26112 2014-11-04] (Microsoft Corporation) [Datei ist nicht signiert]
U3 sfloppy; C:\Windows\System32\drivers\sfloppy.sys [17408 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
U3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2015-07-01] (Synaptics Incorporated)
U2 srv; C:\Windows\System32\DRIVERS\srv.sys [416768 2016-03-09] (Microsoft Corporation) [Datei ist nicht signiert]
U3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [678400 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [246272 2014-09-24] (Microsoft Corporation) [Datei ist nicht signiert]
U2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [49152 2014-09-24] (Microsoft Corporation) [Datei ist nicht signiert]
U1 tdx; C:\Windows\system32\DRIVERS\tdx.sys [108032 2015-10-13] (Microsoft Corporation) [Datei ist nicht signiert]
U3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [56320 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 TsUsbGD; C:\Windows\System32\drivers\TsUsbGD.sys [29696 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 tunnel; C:\Windows\system32\DRIVERS\tunnel.sys [154112 2015-09-04] (Microsoft Corporation) [Datei ist nicht signiert]
U4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [316416 2015-05-12] (Microsoft Corporation) [Datei ist nicht signiert]
U3 umbus; C:\Windows\System32\drivers\umbus.sys [46080 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 UmPass; C:\Windows\System32\drivers\umpass.sys [11776 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 usbcir; C:\Windows\System32\drivers\usbcir.sys [98304 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 usbohci; C:\Windows\System32\drivers\usbohci.sys [30208 2015-12-09] (Microsoft Corporation) [Datei ist nicht signiert]
U3 usbprint; C:\Windows\System32\drivers\usbprint.sys [26112 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 usbscan; C:\Windows\System32\drivers\usbscan.sys [44544 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 usbuhci; C:\Windows\System32\drivers\usbuhci.sys [37376 2015-12-09] (Microsoft Corporation) [Datei ist nicht signiert]
U3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [212736 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 VMBusHID; C:\Windows\System32\drivers\VMBusHID.sys [21760 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24576 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U1 vwififlt; C:\Windows\system32\DRIVERS\vwififlt.sys [71680 2014-04-30] (Microsoft Corporation) [Datei ist nicht signiert]
U3 vwifimp; C:\Windows\system32\DRIVERS\vwifimp.sys [38912 2014-04-30] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WacomPen; C:\Windows\System32\drivers\wacompen.sys [26752 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-08-12] (Microsoft Corporation)
U3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-08-12] (Microsoft Corporation)
U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-08-12] (Microsoft Corporation)
U3 WinUsb; C:\Windows\System32\drivers\WinUsb.sys [78848 2015-12-09] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WmiAcpi; C:\Windows\System32\drivers\wmiacpi.sys [16384 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [113664 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WUDFRd; C:\Windows\System32\drivers\WUDFRd.sys [226304 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WUDFWpdFs; C:\Windows\System32\drivers\WUDFRd.sys [226304 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
U3 WUDFWpdMtp; C:\Windows\System32\drivers\WUDFRd.sys [226304 2015-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-27 02:04 - 2016-04-27 02:07 - 00058274 _____ C:\Users\Mel\Downloads\FRST.txt
2016-04-24 19:09 - 2016-04-24 19:09 - 00003484 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2016-04-22 03:33 - 2016-04-22 03:33 - 00001065 _____ C:\Users\Mel\Desktop\JRT.txt
2016-04-22 03:22 - 2016-04-22 03:23 - 01610352 _____ (Malwarebytes) C:\Users\Mel\Downloads\JRT.exe
2016-04-22 02:57 - 2016-04-22 03:07 - 00000000 ____D C:\AdwCleaner
2016-04-22 02:56 - 2016-04-22 02:57 - 03683904 _____ C:\Users\Mel\Downloads\AdwCleaner_5.112.exe
2016-04-20 21:13 - 2016-04-20 22:16 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-04-20 20:50 - 2016-04-20 22:16 - 00000000 ____D C:\Users\Mel\Desktop\mbar
2016-04-20 20:49 - 2016-04-20 20:50 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Mel\Downloads\mbar-1.09.3.1001.exe
2016-04-20 04:21 - 2016-04-20 04:21 - 00053994 _____ C:\Users\Mel\Desktop\ScanLog Malwarebytes.txt
2016-04-20 03:23 - 2016-04-20 03:25 - 00356669 _____ C:\Users\Mel\Downloads\Addition.txt
2016-04-20 03:20 - 2016-04-20 03:25 - 00000000 ____D C:\FRST
2016-04-20 03:18 - 2016-04-20 03:18 - 02375680 _____ (Farbar) C:\Users\Mel\Downloads\FRST64.exe
2016-04-20 03:12 - 2016-04-20 20:51 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-20 03:12 - 2016-04-20 03:13 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-20 03:12 - 2016-04-20 03:12 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-04-20 03:12 - 2016-04-20 03:12 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-20 03:12 - 2016-04-20 03:12 - 00001116 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-04-20 03:12 - 2016-04-20 03:12 - 00001116 _____ C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2016-04-20 03:12 - 2016-04-20 03:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-20 03:12 - 2016-04-20 03:12 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2016-04-20 03:09 - 2016-04-20 03:09 - 01475080 _____ C:\Users\Mel\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2016-04-18 02:19 - 2016-04-18 02:19 - 00107206 _____ C:\Users\Mel\Desktop\KfzVersicherung_eVB_1411-0177-3540-59.pdf
2016-04-18 02:11 - 2016-04-18 02:11 - 00236557 _____ C:\Users\Mel\Desktop\Versicherungsbedingungen_ROLAND_Schutzbrief.pdf
2016-04-16 11:24 - 2016-04-16 11:24 - 00000000 ____D C:\ProgramData\Comodo Downloader
2016-04-15 10:29 - 2016-04-15 10:29 - 00200202 _____ C:\Users\Mel\Downloads\BYAFFTD.pdf
2016-04-13 15:15 - 2016-04-22 03:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-13 14:39 - 2016-04-13 03:32 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-13 14:39 - 2016-04-13 03:32 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-13 03:10 - 2016-04-13 03:10 - 25817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 15415808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 13811712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 02892800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 02285056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-04-13 03:10 - 2016-04-13 03:10 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-04-13 03:10 - 2016-04-13 03:10 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-04-13 03:10 - 2016-04-13 03:10 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-04-13 03:10 - 2016-04-13 03:10 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-04-13 03:10 - 2016-04-13 03:10 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 02609152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 01455104 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2016-04-13 03:09 - 2016-04-13 03:09 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00952928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00786152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00698368 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 03:09 - 2016-04-13 03:09 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-04-13 03:09 - 2016-04-13 03:09 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-04-13 03:09 - 2016-04-13 03:09 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-04-13 03:09 - 2016-04-13 03:09 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-04-13 03:09 - 2016-04-13 03:09 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2016-04-13 03:09 - 2016-04-13 03:09 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll
2016-04-13 03:09 - 2016-02-03 17:14 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2016-04-13 03:08 - 2016-04-13 03:08 - 22365472 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 14466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 07452512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 03:08 - 2016-04-13 03:08 - 03120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 02757616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-04-13 03:08 - 2016-04-13 03:08 - 02712576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 02592256 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 02412576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-04-13 03:08 - 2016-04-13 03:08 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 01673728 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 01663192 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 03:08 - 2016-04-13 03:08 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2016-04-13 03:08 - 2016-04-13 03:08 - 01523216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 03:08 - 2016-04-13 03:08 - 01490128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 03:08 - 2016-04-13 03:08 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 01358960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 03:08 - 2016-04-13 03:08 - 01348096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 01278464 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 01197056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 01133752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 03:08 - 2016-04-13 03:08 - 00955392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 03:08 - 2016-04-13 03:08 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe
2016-04-13 03:08 - 2016-04-13 03:08 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-04-13 03:08 - 2016-04-13 03:08 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-04-13 03:08 - 2016-04-13 03:08 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 03:08 - 2016-04-13 03:08 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-04-13 03:08 - 2016-04-13 03:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00273264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 03:08 - 2016-04-13 03:08 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 03:08 - 2016-04-13 03:08 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpsapi.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpsapi.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 03:08 - 2016-04-13 03:08 - 00099672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2016-04-13 03:08 - 2016-04-13 03:08 - 00072024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2016-04-13 03:07 - 2016-04-13 03:07 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-04-13 03:07 - 2016-04-13 03:07 - 00551256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-04-13 03:07 - 2016-04-13 03:07 - 00316760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-04-13 03:07 - 2016-04-13 03:07 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-09 00:04 - 2016-04-09 00:04 - 00000000 __HDC C:\ProgramData\{05EE3202-A879-4F9D-895C-AC535855E0A9}
2016-04-08 01:31 - 2016-04-08 01:31 - 00001982 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-04-08 01:31 - 2016-04-08 01:31 - 00001982 _____ C:\ProgramData\Desktop\McAfee Security Scan Plus.lnk
2016-04-08 01:31 - 2016-04-08 01:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-04-08 01:28 - 2016-04-08 01:28 - 00000000 ____D C:\Program Files (x86)\Comodo
2016-04-04 09:09 - 2016-04-04 09:09 - 00423918 _____ C:\Users\Mel\Downloads\KV ***** Touran.pdf
2016-04-03 03:24 - 2016-04-03 03:24 - 02167958 _____ C:\Users\Mel\Downloads\Datenblatt Magnolythe S100(1).pdf
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-27 02:06 - 2015-05-26 00:13 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2016-04-27 02:05 - 2015-10-13 20:03 - 00000562 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3436712697-1915681797-834199881-1001.job
2016-04-27 02:04 - 2015-06-30 00:27 - 00023808 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2016-04-27 02:03 - 2015-06-30 02:23 - 00000000 ____D C:\Users\Mel\AppData\Local\ClassicShell
2016-04-27 01:27 - 2013-06-03 23:29 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-27 01:22 - 2014-01-27 15:37 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-27 00:15 - 2015-10-13 20:03 - 00000658 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3436712697-1915681797-834199881-1001.job
2016-04-26 23:33 - 2013-08-15 22:22 - 00000000 ____D C:\Users\Mel\AppData\Roaming\MediaMonkey
2016-04-23 23:55 - 2015-05-27 02:29 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-04-22 03:51 - 2013-05-30 17:30 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3436712697-1915681797-834199881-1001
2016-04-22 03:24 - 2014-01-27 15:38 - 00002209 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-22 03:22 - 2014-01-27 15:37 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-22 03:20 - 2013-02-28 13:08 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-04-22 03:17 - 2014-01-27 15:37 - 00004102 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-22 03:17 - 2014-01-27 15:37 - 00003866 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-22 03:12 - 2014-03-27 02:36 - 00000000 ____D C:\Users\Mel\Desktop\NH
2016-04-22 03:10 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-22 03:09 - 2015-06-08 03:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-22 03:09 - 2014-11-08 03:32 - 00000000 ____D C:\Users\Mel
2016-04-20 08:17 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2016-04-20 00:14 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-04-16 11:15 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-15 22:38 - 2015-10-13 20:03 - 00003648 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3436712697-1915681797-834199881-1001
2016-04-15 22:38 - 2015-10-13 20:03 - 00003552 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3436712697-1915681797-834199881-1001
2016-04-15 01:08 - 2014-09-24 07:43 - 02048530 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-15 01:08 - 2014-09-24 07:43 - 00581024 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-15 00:55 - 2016-03-18 21:37 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 36.lnk
2016-04-15 00:55 - 2014-06-04 00:50 - 00003862 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1381657778
2016-04-15 00:55 - 2013-10-13 11:49 - 00000000 ____D C:\Program Files (x86)\Opera
2016-04-14 00:16 - 2016-03-27 19:15 - 00000000 ____D C:\Users\Mel\Desktop\THEORIE Unterricht
2016-04-13 16:58 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 14:36 - 2013-08-22 16:44 - 00493336 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-13 03:39 - 2015-04-15 08:22 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-13 03:39 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-04-13 03:39 - 2013-08-08 19:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 03:36 - 2013-06-01 15:44 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-13 03:04 - 2016-01-15 00:43 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-04-13 03:02 - 2016-03-09 00:12 - 01737080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-04-13 03:02 - 2016-03-09 00:12 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-04-13 03:02 - 2016-03-09 00:12 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-04-11 04:02 - 2015-11-14 23:38 - 01130496 ___SH C:\Users\Mel\Desktop\Thumbs.db
2016-04-11 03:41 - 2014-09-24 08:17 - 02135110 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-09 22:27 - 2015-05-27 02:29 - 00003846 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-04-09 22:27 - 2013-06-03 23:29 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-04-08 18:59 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-08 01:31 - 2015-11-14 23:43 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-04-08 01:17 - 2013-10-12 20:30 - 00000000 ____D C:\Users\Mel\Desktop\Kram
2016-04-08 01:16 - 2013-10-12 20:31 - 00000000 ____D C:\Users\Mel\Desktop\Verwaltung
2016-04-06 14:19 - 2015-04-01 18:50 - 00846104 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdguard.sys
2016-04-06 14:19 - 2015-04-01 18:50 - 00138560 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys
2016-04-06 14:19 - 2015-04-01 18:50 - 00045600 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys
2016-04-06 14:19 - 2015-04-01 18:50 - 00032224 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys
2016-04-06 14:17 - 2015-04-01 18:48 - 00051800 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll
2016-04-06 14:16 - 2015-04-01 18:48 - 00596232 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
2016-04-06 14:16 - 2015-04-01 18:48 - 00461648 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2016-04-06 14:14 - 2015-04-01 18:47 - 00365752 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
2016-04-06 14:14 - 2015-04-01 18:46 - 00051896 _____ (COMODO) C:\WINDOWS\system32\cmdkbd64.dll
2016-04-06 14:12 - 2015-04-01 18:45 - 00296120 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
2016-04-06 14:11 - 2015-04-01 18:45 - 00046776 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdkbd32.dll
2016-04-06 01:46 - 2014-01-27 01:05 - 00068258 _____ C:\Users\Mel\Desktop\Notizen.odt
2016-03-31 23:10 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-12-14 23:30 - 2015-12-14 23:30 - 0001473 _____ () C:\Users\Mel\AppData\Local\recently-used.xbel
2013-06-02 16:13 - 2013-06-02 16:13 - 0000032 _____ () C:\ProgramData\Temp.log
2013-02-28 13:04 - 2013-02-28 13:05 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-02-28 12:59 - 2013-02-28 13:01 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-02-28 13:01 - 2013-02-28 13:02 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-02-28 12:59 - 2013-02-28 12:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-02-28 13:02 - 2013-02-28 13:04 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
Einige Dateien in TEMP:
====================
C:\Users\Mel\AppData\Local\Temp\libeay32.dll
C:\Users\Mel\AppData\Local\Temp\msvcr120.dll
C:\Users\Mel\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe
[2016-03-09 00:11] - [2016-03-09 00:11] - 0570880 ____A (Microsoft Corporation) B1102BBDDD9C87B3D609D6C08F7A3DBD
C:\WINDOWS\system32\wininit.exe
[2015-12-09 00:00] - [2015-12-09 00:00] - 0146432 ____A (Microsoft Corporation) EC302D06155F8E3C383750993FCB6B27
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll
[2015-12-09 00:00] - [2015-12-09 00:00] - 1376256 ____A (Microsoft Corporation) 72DF14DA8F1CC15F7BE4176DE0404D9E
C:\WINDOWS\system32\userinit.exe
[2015-04-15 15:37] - [2015-04-15 15:37] - 0026112 ____A (Microsoft Corporation) 5C131534A3EA4A461A793FB507A8004F
C:\WINDOWS\SysWOW64\userinit.exe
[2015-04-15 15:37] - [2015-04-15 15:37] - 0022528 ____A (Microsoft Corporation) D10643FC0095434C819316CA6CD748C0
C:\WINDOWS\system32\rpcss.dll
[2016-04-13 03:09] - [2016-04-13 03:09] - 0817664 ____A (Microsoft Corporation) E4220FD9C7F1579D9C5F9DFB00427841
C:\WINDOWS\system32\dnsapi.dll
[2015-04-15 21:00] - [2015-04-15 21:00] - 0657920 ____A (Microsoft Corporation) A5675939CF0F99B20B5A3CFCC3C1B46A
C:\WINDOWS\SysWOW64\dnsapi.dll
[2015-04-15 21:00] - [2015-04-15 21:00] - 0498688 ____A (Microsoft Corporation) BD9C7A068C46053F8747CEA73B5930AB
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-04-23 23:36
==================== Ende von FRST.txt ============================
Geändert von Kaffee (27.04.2016 um 01:38 Uhr) |
|
27.04.2016, 01:19
| #14 |
| | Spam - Mails mit meinem Absender an mein AdressbuchCode:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-04-2016
durchgeführt von Mel (2016-04-27 02:08:26)
Gestartet von C:\Users\Mel\Downloads
Windows 8.1 (X64) (2014-11-08 13:08:36)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3436712697-1915681797-834199881-500 - Administrator - Disabled)
Gast (S-1-5-21-3436712697-1915681797-834199881-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3436712697-1915681797-834199881-1028 - Limited - Enabled)
Mel (S-1-5-21-3436712697-1915681797-834199881-1001 - Administrator - Enabled) => C:\Users\Mel
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
5KPlayer 2.1 (HKLM-x32\...\5KPlayer_is1) (Version: - DearMob, Inc.)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{306823F5-9E3B-6FEA-77B0-C9F9B725D7C4}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Chromodo (HKLM-x32\...\Chromodo) (Version: 48.12.18.254 - Comodo)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
COMODO Antivirus (HKLM\...\{73830292-868E-4C82-9AF5-CCFE2047B6A3}) (Version: 8.2.0.4508 - COMODO Security Solutions Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.2 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{B57A8AFE-6735-4497-BD52-BD2F838F5CF0}) (Version: 1.2.1.31 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.1.0 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.30.59.74 - Dell Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.16483 - Landesfinanzdirektion Thüringen)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.42.716 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.42.716 - DVDVideoSoft Ltd.)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoPro App (x32 Version: 5.7.549 - GoPro, Inc.) Hidden
GoPro Studio 2.5.7 (HKLM-x32\...\{b996dca2-156c-4d2c-b9a3-59fac08cef33}) (Version: 2.5.7.549 - GoPro, Inc.)
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-3436712697-1915681797-834199881-1001\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
K-Lite Codec Pack 10.7.1 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.7.1 - )
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{AB8304F0-383F-4F80-8988-87727C415BF7}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 (HKLM\...\MX.{FFDC29E6-5C7C-4AA8-AF5A-99E015165382}) (Version: 14.0.0.159 - MAGIX Software GmbH)
MAGIX Video deluxe 2015 (Version: 14.0.0.159 - MAGIX Software GmbH) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.309.1 - McAfee, Inc.)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 6.1.2 - CEWE Stiftung u Co. KGaA)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 45.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 de)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Opera Stable 36.0.2130.65 (HKLM-x32\...\Opera 36.0.2130.65) (Version: 36.0.2130.65 - Opera Software)
PDF24 Creator 6.0.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PhotoFiltre 7 (HKU\S-1-5-21-3436712697-1915681797-834199881-1001\...\PhotoFiltre 7) (Version: - )
PowerXpressHybrid (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
PrivDog (HKLM\...\{C01D249F-23DA-45B1-A5FF-12ECD647D5C6}) (Version: 3.0.108.0 - PrivDog.com)
PrivDog 2 Legacy Browser Plug-ins (HKLM-x32\...\PrivDog) (Version: 2.2.0.14 - privdog.com)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.012 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RadiAnt DICOM Viewer (64-bit) (HKLM-x32\...\RadiAnt64) (Version: 1.9.16.7446 - Medixant)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6741 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
VFW_Codec32 (x32 Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Visual Business Cards 4 (HKLM-x32\...\Visual Business Cards 4_is1) (Version: - Tailwag Software)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.3900 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WISO steuer:Sparbuch 2016 (HKLM-x32\...\{6D44919D-A87F-4D57-841E-4DA3354D29EE}) (Version: 23.00.1146 - Buhl Data Service GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3436712697-1915681797-834199881-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3436712697-1915681797-834199881-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Mel\AppData\Local\Citrix\GoToMeeting\3499\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {04BFA561-CB39-4347-9EC9-17ABC78B4C21} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-29] (Adobe Systems Incorporated)
Task: {0C0ADFC6-6EC1-44CD-9732-8ADB0A95B6CF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-11-08] (Apple Inc.)
Task: {329B52CD-4F6A-4F9A-BF31-72FB7E9EEA8D} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-03-21] (Dell Inc.)
Task: {37746AE9-A856-46FD-A4E0-5633BE2914F2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe [2016-04-09] (Adobe Systems Incorporated)
Task: {3CE59B5C-AA0D-41EA-8209-39F2946B3F98} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-04-15] (COMODO)
Task: {41893B4C-D665-45E2-AB0F-B79CE4E07491} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {42B0E4EE-30EE-4E09-B539-86B7E178917D} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-04-13] (COMODO)
Task: {516D846E-8AF5-454B-844D-15DD14E0CE03} - System32\Tasks\Opera scheduled Autoupdate 1381657778 => C:\Program Files (x86)\Opera\launcher.exe [2016-04-15] (Opera Software)
Task: {6C341080-73A6-4A35-8535-11859CE13D20} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {76CF64AF-1C51-42F6-B9E7-EB1588BD34F4} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-04-15] (COMODO)
Task: {821EC7C5-9F97-4C39-AF4D-AED3FC041537} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-28] (Piriform Ltd)
Task: {90DAEC80-C73D-40E0-8882-80DE0C997078} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-04-15] (COMODO)
Task: {966E332A-D1A1-45A7-83CE-9228FA0C9C10} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-04-13] (COMODO)
Task: {A77BF21E-2652-41D6-8801-92426AA6A96B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-09] (Adobe Systems Incorporated)
Task: {B7EB21BB-9D0A-4175-B8DA-844C33B2E3D5} - System32\Tasks\G2MUpdateTask-S-1-5-21-3436712697-1915681797-834199881-1001 => C:\Users\Mel\AppData\Local\Citrix\GoToMeeting\4800\g2mupdate.exe [2016-04-15] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {BB7B344A-DAD0-4407-BB51-8DD17BD50392} - System32\Tasks\G2MUploadTask-S-1-5-21-3436712697-1915681797-834199881-1001 => C:\Users\Mel\AppData\Local\Citrix\GoToMeeting\4800\g2mupload.exe [2016-04-15] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {BCE38CFF-A98D-4410-918C-D4972A5184B7} - System32\Tasks\avastBCLRestartS-1-5-21-3436712697-1915681797-834199881-1001 => Chrome.exe
Task: {BF598F5D-B55A-437B-BD23-444AAD22DFDC} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-04-15] (COMODO)
Task: {C166FC38-9DF9-4A14-B317-716D101EFC35} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {CA53B138-9EA7-45DC-B604-32A39B16E273} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-09-04] ()
Task: {D2C1060F-54E3-4246-ADE2-1FEE118EAC67} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-03-25] (PC-Doctor, Inc.)
Task: {D7E6D9BA-2DCB-4EAC-9AE9-CCCE99B6FCD9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-22] (Google Inc.)
Task: {FED6DA46-EB72-41D6-8CDA-371C59511E3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-22] (Google Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job => C:\ProgramData\cisB59C.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3436712697-1915681797-834199881-1001.job => C:\Users\Mel\AppData\Local\Citrix\GoToMeeting\4800\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3436712697-1915681797-834199881-1001.job => C:\Users\Mel\AppData\Local\Citrix\GoToMeeting\4800\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-29 20:00 - 2012-10-29 20:00 - 00047480 _____ () c:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2015-05-08 20:50 - 2015-05-08 20:50 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-06-04 21:48 - 2015-06-04 21:48 - 01616384 _____ () C:\Program Files (x86)\MediaMonkey\MediaMonkey64Helper.exe
2015-01-08 23:02 - 2016-03-16 12:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2016-03-25 23:05 - 2016-03-24 01:43 - 00111352 _____ () C:\Program Files\Dell\SupportAssist\libCSharpCommonCS.dll
2016-03-25 23:05 - 2016-03-24 01:43 - 00553720 _____ () C:\Program Files\Dell\SupportAssist\libAsapiCSharp.dll
2016-02-21 03:14 - 2016-02-21 03:14 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\8e749780289ceb24f72730345e019061\PSIClient.ni.dll
2013-02-28 12:50 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\HelpPane.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\hh.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\twain_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\winhlp32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\write.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\accessibilitycpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acledit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acppage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionQueue.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\activeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adhapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adhsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsldp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsldpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adtschema.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\advpack.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aecache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\aelupsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AepRoam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aitagent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\alg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AltTab.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\amstream.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Apphlpdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appidcertstorecheck.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appidpolicyconverter.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppReadiness.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appsruprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxAllUserStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxApplicabilityEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxSip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxStreamingDataSourcePS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ARP.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aspnet_counters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\at.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AtBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atlthunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\attrib.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\auditcse.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\authfwcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthFWGP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthFWSnapin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthFWWizFwk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthHostProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\authz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\autoconv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AutoWorkplaceN.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\avicap32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\avifil32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\avrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AxInstSv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AxInstUI.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\azroles.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\azroleui.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AzSqlExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\backgroundTaskHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BackgroundTransferHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\basesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\batmeter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcdboot.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcdsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BCP47Langs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdaplgin.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BdeHdCfgLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bderepair.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BdeUISrv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BFE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bidispl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BioCredProv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BitLockerWizardElev.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bitsadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bitsigd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bitsperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bitsprx2.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\bitsprx3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bitsprx4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bitsprx5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bitsprx6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bitsprx7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\blb_ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootcfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootim.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootsect.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\brdgcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bridgeunattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BrokerLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browseui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bthci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthHFSrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthMtpContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bthpanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthpanContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bthprops.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bthserv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthSQM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bthudtask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\btpanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Bubbles.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BulkOperationHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BWContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ByteCodeGenerator.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cabinet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cabview.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cacls.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\calc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CallButtons.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CallButtons.ProxyStub.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CameraSettingsUIHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\capiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\capisp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\catsrv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\catsrvps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cca.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdosys.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certca.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certCredProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certenc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CertEnrollCtrl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CertEnrollUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CertPolEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certreq.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cfgbkend.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cfgmgr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cfmifs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cfmifsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chcp.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CheckNetIsolation.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chkdsk.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chkntfs.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chkwudrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\choice.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CHxReadingStringIME.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cipher.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CIRCoInst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clbcatq.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cleanmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cliconfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cliconfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clip.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudNotifications.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmcfg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmdext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmdial32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmdkey.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmdl32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmlua.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmmon32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmpbk32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmstp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmstplua.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cngcredui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cngprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cnvfat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cofire.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cofiredm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\colbact.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\colorcpl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\colorui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comcat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\compact.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CompMgmtLauncher.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompPkgSup.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\compstui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ComputerDefaults.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comrepl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comuid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\conhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\connect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ConnectedAccountState.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\consent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ConsentUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\console.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\control.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\convert.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\correngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CredentialMigrationHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CredentialUIBroker.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credwiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptcatsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptdlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\crypttpmeksvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptuiwizard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptxml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cscdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cscript.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CSystemEventsBrokerClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cttune.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cttunesvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\C_G18030.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\C_IS2022.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\C_ISCII.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3d10core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10level9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10_1core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3d8thk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dabapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DAConn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafupnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafWCN.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafWfdProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DAFWSD.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DAMM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DaOtpCredentialProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\das.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dasHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dataclen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\datusage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\davhlpr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbghelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbnetlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbnmpntw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dccw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dcomcnfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDACLSys.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddodiag.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDOIProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDORes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DefaultDeviceManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DefaultPrinterProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Defrag.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\defragproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\defragsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\delegatorprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\desk.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deskadp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deskmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevDispItemProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceassociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceDisplayStatusManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceDriverRetrievalClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceEject.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceElementSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceMetadataRetrievalClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceProperties.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceSetupManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceSetupManagerAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceUxRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\devmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevPropMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devrtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dfdts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DFDWiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dfrgui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dfscli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DfsShlEx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcmonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DHCPQEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DiagCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diagperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\difxapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dimsjob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dimsroam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dinput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dinput8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diskcomp.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diskcopy.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diskcopy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diskpart.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diskraid.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dispci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dispdiag.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dispex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DisplaySwitch.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\djoin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllhst3g.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmdlgs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmdskmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmintf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmloader.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmocx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DMRServer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmsynth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmusic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmvdsitf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmview.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dns-sd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnscacheugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnshc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\docprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\doskey.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3api.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3cfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Dot3Conn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3dlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3gpclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3gpui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3hc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3mm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3msm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3svc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3ui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dpapimig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dpapiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DpiScaling.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\driverquery.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drtprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drttransport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drvcfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drvinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DscCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DscCoreConfProv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\dsdmo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dskquota.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dskquoui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DsmUserTask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsound.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsparse.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsrole.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dssec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dssenh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Dsui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsuiext.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\dswave.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\dtsh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dui70.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\duser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dvdplay.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dvdupgrd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwm.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmredir.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DWWIN.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxdiag.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxdiagn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxgwdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DXP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Dxpserver.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DxpTaskSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxva2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Eap3Host.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eapp3hst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eappcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eappgnui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eapphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eappprxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\eapprovp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EAPQEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eapsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easconsent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EaseOfAccessDialog.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easinvoker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easinvoker.proxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efsadu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efslsaext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efsui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efsutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EhStorAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EhStorAuthn.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EhStorPwdMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EhStorShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ELSCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\elshyph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\elslad.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\elsTrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\encapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EncDump.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\energyprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\energytask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eqossnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\es.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esentprf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eudcedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EventAggregation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eventcls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eventcreate.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eventvwr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\expand.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\extrac32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Faultrep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdBthProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FdDevQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdeploy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdPHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdPnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FDResPub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdSSDP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdWCN.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdWNet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdWSD.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\feclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhautoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcleanup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhevents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhlisten.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhmanagew.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhshl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhsrchapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhsrchph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhsvcctl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhtask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FileAppxStreamingDataSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\filemgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\find.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\findnetprinters.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\findstr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\finger.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Firewall.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FirewallAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FirewallControlPanel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fltLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fltMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fmifs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Fondue.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontview.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\forfiles.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\format.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fphc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\framedyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\framedynos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\frprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fsavailux.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fsquirt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fsutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fsutilext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fthsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ftp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fundisc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvecerts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveskybackup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fwcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FWPUCLNT.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\FwRemoteSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSCOMEX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSCOMPOSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSCOVER.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSMON.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSROUTE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSST.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSSVC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXST30.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSTIFF.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSUNATD.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FXSUTILITY.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\g711codc.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gacinstall.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gcdef.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GEARAspi64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\getmac.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\getuname.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\glcndFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\glmf32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\globinputhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\glu32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpprnext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpresult.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gptext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpupdate.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Groupinghc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\grpconv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hbaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hcproviders.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\help.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HelpPaneProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hgprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hhctrl.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hhsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hidphone.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hidserv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hlink.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hnetcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hnetmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HOSTNAME.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hotplug.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hotspotauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\httpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\httpprxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\httpprxp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\htui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hwrcomp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hwrreg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ias.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iasacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iasads.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iasdatastore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iashlpr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IasMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iasnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iaspolcy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iasrad.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iasrecst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iassam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iassdo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iassvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icacls.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icmui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IconCodecService.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\icsigd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsunattend.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IdListen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\idndl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IDStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ifmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ifsutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ifsutilx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igdDiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IKEEXT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imaadp32.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imagehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\immersivetpmvscmgrsvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetmib1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetpp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetppui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InfDefaultInstall.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputSwitch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inseng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\intl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipconfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iprtprio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipsecsnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IPSECSVC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipsmsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\irclass.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\irftp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\irmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\irprops.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsicli.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsicpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsicpl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsidsc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsied.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsiexe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsium.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmiv2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\isoburn.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\itircl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\itss.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iuilp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iyuv_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jnwmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\joy.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KBDAZST.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KdsCli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kdusb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kd_02_8086.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\keepaliveprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kernel.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kernelceip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\keyiso.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\keymgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\klist.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kmddsp.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KMSVC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\korwbrkr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ksetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kstvtune.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Kswdmcap.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ksxbar.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ktmutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ktmw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\l2gpstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\l2nacp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\L2SecHC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\l3codeca.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\l3codecp.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\label.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LangCleanupSysprepAction.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LAPRXY.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LaunchTM.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\linkinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\livessp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LldpNotify.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lltdapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lltdsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lmhsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\loadperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\localsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\localui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LocationApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LocationNotifications.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Locator.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockScreenContent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockScreenContentHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lodctr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\logagent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\loghours.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\logoncli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LogonUI.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpk.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\lpkinstall.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpksetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpksetupproxyserv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\luainstall.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Magnification.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Magnify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaintenanceUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\makecab.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mapistub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MbaeApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MbaeParserTask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MbaeXmlParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mblctr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mbussdapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mcbuilder.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mciavi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mcicda.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mciqtz32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mciseq.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mciwave.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mcupdate_GenuineIntel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\McxDriv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MDEServer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MDMAgent.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mdminst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MdRes.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MdSched.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MemoryDiagnostic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mf3216.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfAACEnc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfc42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfc42u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfcsubs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfdvdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfh264enc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmjpegdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mftranscode.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFWMAAEC.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mgmtapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mibincodec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\midimap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\migflt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\miguiresource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mimefilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mimofcodec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MirrorDrvCompat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\miutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mlang.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmcbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmcico.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmcndmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmcshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmcss.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MMDevAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmsys.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mobsync.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mode.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\modemui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\montr_ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\more.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mountvol.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Mpeg2Data.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mpg2splt.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mpnotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mpr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprmsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MPSSVC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MRINFO.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MrmIndexer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msaatext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msacm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msacm32.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msadp32.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msasn1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAudDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msaudite.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msauserext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mscat32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msched.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSchedExe.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msconfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfime.ime:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MsCtfMonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfuimanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdadiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdart.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdelta.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msdmo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdri.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtckrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtclog.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtctm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSDvbNP.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msg711.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msgsm32.acm:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MshtmlDac.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MsiCofire.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msidcrl40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msident.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msidle.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msieftp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msiltcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msimg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msimtf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msisip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msiwer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mskeyprotcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mskeyprotect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msls31.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSNP.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msoeacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msoert2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mspatcha.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mspatchc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msports.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msra.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msrahc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msrdc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MsRdpWebAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msrle32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msscntrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssha.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msshooks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssign32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssip32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MsSpellCheckingFacility.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MsSpellCheckingHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msTextPrediction.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvcirt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvcp120_clr0400.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvcp60.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvcr120_clr0400.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvcrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvfw32.dll:$CmdTcID [64]
|
|
27.04.2016, 01:22
| #15 |
| | Spam - Mails mit meinem Absender an mein AdressbuchCode:
ATTFilter AlternateDataStreams: C:\WINDOWS\system32\msvidc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSWB7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSWB70011.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSWB7001E.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSWB70404.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSWB70804.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mswmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mswsock.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mtstocom.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mtxdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mtxex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\muifontsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MUILanguageCleanup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MuiUnattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MultiDigiMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mycomput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mydocs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Mystify.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\napdsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NapiNSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\napipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NAPMONTR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NAPSTAT.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Narrator.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nbtstat.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NcaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NcaSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncbservice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NcdAutoSetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NcdProp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncobjapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncpa.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncryptprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncryptsslp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncuprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ndadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nddeapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ndfapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ndfetw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ndfhcdiscovery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ndiscapCfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ndishc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NdisImPlatform.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ndproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nduprov.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\negoexts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\net.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\net1.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netbios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netbtugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netcenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netcfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netcfgx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netcorehc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netdiagfx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetEvtFwdr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netjoin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netlogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netman.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Netplwiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netprofm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netprofmsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netprovisionsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netsh.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NETSTAT.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetVscCoinstall.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\networkexplorer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\networkitemfactory.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkStatus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\newdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\newdev.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ninput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NL7Data0011.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NL7Data001E.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NL7Data0404.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NL7Data0804.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlahc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlhtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlmgp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlmsprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0000.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0002.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0003.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0007.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData000a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData000c.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData000d.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData000f.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0010.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0018.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData001a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData001b.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData001d.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0020.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0021.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0022.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0024.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0026.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0027.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData002a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0039.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData003e.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0045.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0046.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0047.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0049.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData004a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData004b.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData004c.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NlsData004e.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0414.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0416.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0816.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData081a.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsData0c1a.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Nlsdl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NlsLexicons0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\normaliz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\npmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nrpsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nsisvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nslookup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntasn1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntdsapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ntlanman.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntlanui2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntmarta.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntprint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\objsel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ocsetapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbcad32.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\odbcbcp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbcconf.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbccp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbccr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbccu32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbctrac.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OEMLicense.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ogldrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleacchooks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oledlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleprn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\onex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\onexui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OobeFldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OpcServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\openfiles.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\opengl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OpenWith.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OptionalFeatures.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\osbaseln.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\osk.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OskSupport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\osuninst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\P2P.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\P2PGraph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\p2pnetsh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\p2psvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PackageStateRoaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\panmap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PasswordOnWakeSettingFlyout.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PATHPING.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pautoenr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcacli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcaui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcaui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PCPKsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcsvDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcwrun.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcwutl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pdhui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\perfctrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\perfdisk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\perfmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\perfnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\perfos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\perfproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\perftrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\perfts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhotoMetadataHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\photowiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PickerHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PING.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PkgMgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pla.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\plasrv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\playlistfolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlaySndSrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToStatusProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ploptin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnpclean.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnppolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnpts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnpui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PnPUnattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PnPutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PNPXAssoc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PNPXAssocPrx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnrpauto.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Pnrphc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnrpnsp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\pnrpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\polstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceClassExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceConnectApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceStatus.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceWiaCompat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceWMDRM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pots.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powercfg.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powrprof.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\prevhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\print.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\printfilterpipelineprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\printfilterpipelinesvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintIsolationHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintIsolationProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\printui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\printui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\prncache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\prnfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\prnntfy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\prntvpt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\procinst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profsvcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\propsys.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\proquota.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provthrd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProximityCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProximityCommonPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProximityRtapiPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProximityService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProximityServicePal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProximityUxHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\prvdmofcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\psapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\psisdecd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\psisrndr.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PSModuleDiscoveryProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\psmsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\psr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pstask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pstorec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PurchaseWindowsLicense.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PurchaseWindowsLicense.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwlauncher.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwlauncher.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwsso.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\QAGENT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\QAGENTRT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\QCLIPROV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qdv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qmgrprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\QSHVHOST.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\QSVRMGMT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Query.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\QUTIL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qwave.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\RacEngn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\racpldlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\radardt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\radarrs.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\RADCUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasadhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasauto.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasautou.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rascfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\raschap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\raschapext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasctrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasdiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasdial.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasdlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\raserver.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasman.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasmbmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RASMM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasmontr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasmxs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasphone.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasplap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasppp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rastapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rastlsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdbui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcfgex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpclip.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcorets.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpendp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpinput.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RdpSa.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RdpSaProxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RdpSaPs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RdpSaUacHelper.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdrleakdiag.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\RDSAppXHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdsdwmdr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDSPnf.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdvidcrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdvvmtransport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgentTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\recimg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\recover.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\recovery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RecoveryDrive.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\reg.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\regapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RegCtrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\regedt32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\regidle.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\regini.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Register-CimProvider.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\regsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\regsvr32.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ReInfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rekeywiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\remotepg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\remotesp.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemoveDeviceContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemoveDeviceElevated.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\repair-bde.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\replace.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\resmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RestoreOptIn.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rfxvmt.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\rgb9rast.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Ribbons.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\riched20.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\riched32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMActivate.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMActivate_isv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp_isv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RmClient.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rmttpmvscmgrsvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rnr20.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RoamingSecurity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Robocopy.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RotMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ROUTE.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RpcEpMap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rpchttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RpcNs4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rpcnsh.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\RpcPing.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RpcRtRemote.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rpcss.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rsaenh.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RstrtMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rstrui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rtffilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rtm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rtutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\runas.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rundll32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RunLegacyCPLElevated.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\runonce.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RuntimeBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sas.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sbeio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scansetting.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SCardDlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SCardSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scavengeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sccls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scecli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schedcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schedsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schtasks.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scripto.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scrnsave.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scrobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scrrun.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdchange.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdhcinst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdiageng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdiagnhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdiagprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdiagschd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SecEdit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sechost.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\secinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\seclogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\secproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\secproc_isv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp_isv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorsClassExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorsCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sensrsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\serialui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\serwvdrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sessionmsg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setbcdlocale.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sethc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SetNetworkLocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SetProxyCredential.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setspn.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingMonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setupapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setupcln.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sfc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sfc_os.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sharemediacpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shfolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shgina.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shimgvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shlwapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shpafact.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shrpubw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shsetup.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\shsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shunimpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shutdown.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shwebsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\signdrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sigverif.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SimAuth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SimCfg.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\sisbkup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SkyDrive.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SkyDriveShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SkyDriveTelemetry.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SlideToShutDown.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\slpts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SmartcardCredentialProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SmartCardSimulator.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SmartScreenSettings.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SMBHelperClass.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smbwmiv2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SmsDeviceAccessRevocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SMSRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SndVol.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SnippingTool.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\snmpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\snmptrap.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SNTSearch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\softkbd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\softpub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sort.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SortServer2003Compat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SortWindows61.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SortWindows6Compat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SoundRecorder.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spbcd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spfileq.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SPInf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spmpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spoolss.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spopk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spwinsat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spwizeng.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sqlcecompact40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sqlceoledb40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sqlceqp40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sqlcese40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sqlsrv32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sqmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srchadmin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srhelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srrstr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SrTasks.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srumapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srumsvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\srvcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srvsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sscoreext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ssdpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ssdpsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\sspisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SSShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ssText3d.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sstpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Startupscan.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\stclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sti.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StikyNot.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sti_ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi_passthru.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storewuauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Storprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\streamci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SubscriptionMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\subst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\svchost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\svsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\swprv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\sxproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sxs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sxshared.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\sxssrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sxsstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sxstrace.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\synceng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncHostps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructure.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructureps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SynCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Syncreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\syncui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SynTPAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SynTPCo20.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sysclass.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sysdm.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SysFxUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\syskey.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sysmain.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sysmon.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sysntfy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SysResetErr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\syssetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systeminfo.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesAdvanced.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesComputerName.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesHardware.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesPerformance.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesProtection.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesRemote.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.Handlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsDatabase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsRemoveDevice.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systray.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\t2embed.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Tabbtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TabbtnEx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tabcal.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TabletPC.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TabSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\takeown.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapi3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapilua.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TapiMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapiperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TapiSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TapiUnattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskeng.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskhostex.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskkill.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tasklist.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Taskmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskschd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TaskSchdPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tbs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tcmsetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TcpipSetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tcpmib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tcpmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tcpmonui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TCPSVCS.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\telephon.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\termmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\termsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TetheringIeProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TetheringMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TetheringStation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\themeservice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\themeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\threadpoolwinrt.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\thumbcache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ThumbnailExtractionHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TimeDateMUICallback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\timeout.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TimeSyncTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tlscsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tpmcompc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmInit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tpmvsc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgrsvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TRACERT.EXE:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\traffic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tree.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\trkwks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tsbyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSChannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSTheme.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TsUsbGDCoInstaller.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TtlsAuth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TtlsCfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TtlsExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tvratings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\txflog.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\txfw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tzsync.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tzutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ucmhc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\udhisapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\uexfat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ufat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UI0Detect.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uicom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uireng.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ulib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umdmxfrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpnpmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpowmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umrdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unattend.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unimdmat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uniplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unlodctr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unregmp2.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\upnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\upnpcont.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\upnphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ureg.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbceip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserAccountBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserAccountControlSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserAccountControlSettings.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\userenv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\userinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\userinitext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserLanguageProfileCallback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ustprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\utildll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Utilman.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uudf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UXInit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uxlib.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\uxtheme.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VAN.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Vault.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vaultcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VaultCmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VaultRoaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vaultsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VBICodec.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vbisurf.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vds.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vdsbas.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vdsdyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vdsldr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vdsutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vdsvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vds_ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\verclsid.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\verifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\verifier.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\version.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\vfwwdm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vidcap.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\virtdisk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmbuspipe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VmdCoinstall.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmictimeprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpnikeapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VscMgrPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vssadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vsstrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vss_ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\w32time.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\w32tm.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\w32topl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WABSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\waitfor.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WallpaperHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WavDest.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wavemsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbemcomn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbengine.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcmapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wcmcsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WcnApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcncsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WcnEapAuthProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WcnEapPeerProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WcnNetsh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WcsPlugInService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wdc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01011.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wdiasqmmodule.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wdmaud.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wdscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webservices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Websocket.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wecapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wecsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wecutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wephostsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werconcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wercplsupport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WerFault.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WerFaultSecure.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wermgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wersvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtfwd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wfapigp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WfHC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WFS.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\where.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\whhelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\whoami.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiaacmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiaaut.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiadefui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiadss.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiarpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiascanprofiles.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiaservc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiatrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wimgapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wimserv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winbici.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winbio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winbrand.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wincredprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Background.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Background.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Custom.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Enumeration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Enumeration.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Portable.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Printers.Extensions.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Sensors.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.Fontgroups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Renewal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.SpeechSynthesis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Proximity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.Compression.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Profile.HardwareId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.RemoteDesktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecsExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\windowslivelogin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winethc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinFax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininitext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Winlangdb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winlogonext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmmbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinMsoIrmProtector.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winnsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinOpcIrmProtector.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winrnr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winrs.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winrscmd.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\winrshost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winrssrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinRtTracing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSAT.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSATAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winshfhc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsku.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsockhc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WINSRPC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSyncMetastore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSyncProviders.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winusb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winver.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wisp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\witnesswmiv2provider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkscli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkspbroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkspbrokerAx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wksprt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wksprtPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WLanConn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlandlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanext.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlangpui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WLanHC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlaninst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlanMM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanmsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanpref.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlanRadioManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvcpal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanui.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Wldap32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wldp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlgpclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidcredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidfdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidnsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlrmdr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlS0WndH.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMALFXGFXDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMASF.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmcodecdspps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmdmlog.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmdmps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmdrmdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmdrmnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmiclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmicmiplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmidcom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmidx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmiprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmitomi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMNetMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WmpDui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmsgapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVCORE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmvdspa.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WofTasks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WofUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\workerdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFolders.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkfoldersControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersGPExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\workfolderssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wow64cpu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wowreg32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpccpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcWebSync.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wpdbusenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpdMtp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpdMtpUS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WPDShextAutoplay.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WPDShServiceObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WPDSp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpd_ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wpninprc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnpinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnsruprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\write.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ws2help.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscisvif.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSCollect.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscript.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSDApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsdchngr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSDMon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSDPrintProxy.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSDScanProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wsepno.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshbth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshcon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wship6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshirda.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshnetbs.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wshom.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshqos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSHTCPIP.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmAgent.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsmplpxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsmprovhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsnmp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsock32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsqmcons.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSReset.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSTPager.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wtsapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wucltux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WUDFCoinstaller.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WUDFHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WUDFPlatform.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WUDFSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WUDFx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WUDFx02000.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wusa.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WUSettingsProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWanHC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwaninst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Wwanpref.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanprotdim.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WwanRadioManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xcopy.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XInput1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XInput9_1_0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xmlfilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xmllite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xmlprovi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XpsFilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XpsGdiConverter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XpsPrint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XpsRasterService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xpsservices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XPSSHHDR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xpssvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xwizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xwizards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xwreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xwtpdui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xwtpw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\accessibilitycpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\acledit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\acppage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\activeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsldp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsldpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\advpack.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amstream.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Apphlpdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\appidapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxAllUserStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxApplicabilityEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxSip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ARP.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aspnet_counters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\at.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AtBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atlthunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\attrib.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\audiodev.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authfwcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWGP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWSnapin.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWWizFwk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoconv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\avicap32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\avifil32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\avrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\azroles.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\azroleui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AzSqlExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\backgroundTaskHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\batmeter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BCP47Langs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bdaplgin.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bidispl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BioCredProv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bootcfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\browcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\browseui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bthprops.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bthudtask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\btpanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Bubbles.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BWContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cabinet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cabview.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cacls.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\calc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CallButtons.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CallButtons.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CameraSettingsUIHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\capiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\capisp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cca.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cdosys.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\certca.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\certCredProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\certenc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnrollUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\certmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertPolEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\certreq.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\certutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfgbkend.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfgmgr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfmifs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfmifsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chcp.com:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CheckNetIsolation.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chkdsk.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chkntfs.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\choice.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CHxReadingStringIME.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cipher.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clbcatq.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cleanmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cliconfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cliconfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clip.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudNotifications.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmcfg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdial32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdkey.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdl32.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmlua.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmmon32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmpbk32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmstp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmstplua.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cngcredui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cngprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cnvfat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\colbact.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\COLORCNV.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\colorcpl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\colorui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comcat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\compact.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CompPkgSup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\compstui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ComputerDefaults.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comrepl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comuid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\connect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConnectedAccountState.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\console.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\control.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\convert.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredentialUIBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credwiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptdlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\crypttpmeksvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptuiwizard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptxml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cscdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cscript.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ctfmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cttune.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cttunesvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_G18030.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_IS2022.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_ISCII.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10level9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10_1core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8thk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dim700.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dramp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dxof.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dabapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dataclen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\davhlpr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbghelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbnetlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbnmpntw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dccw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomcnfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DDACLSys.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddodiag.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DDOIProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DDORes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DefaultDeviceManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DefaultPrinterProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\delegatorprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\desk.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\deskadp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\deskmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevDispItemProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceassociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceDisplayStatusManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceProperties.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceUxRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devrtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dfrgui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dfscli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DfsShlEx.dll:$CmdTcID [64]
|
|
| Themen zu Spam - Mails mit meinem Absender an mein Adressbuch |
| .dll, adobe, avast, bonjour, computer, defender, desktop, dnsapi.dll, explorer, failed, firefox, flash player, google, mozilla, prozesse, realtek, registry, scan, security, services.exe, software, spam, svchost.exe, system, windows, winlogon.exe |
Linear-Darstellung
