Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Werde TrojWare.JS.Agend.PD@300743807 nicht los

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 13.07.2015, 22:02   #1
floorballref
 
Werde TrojWare.JS.Agend.PD@300743807 nicht los - Standard

Werde TrojWare.JS.Agend.PD@300743807 nicht los



Moin liebe Helferin oder Helfer,

ich muss sagen, dass ich neu auf diesem Gebiet bin. Ich habe euren Thread zu exakt der gleichen Meldung hier: http://www.trojaner-board.de/168296-...43807-los.html gelesen, aber es heißt ja, dass jedes Problem individuell zu beheben sei.
Bei mir findet Comodo den oben angesprochenen Virus immer wieder, obwohl ich ihn jedes Mal in die Quarantäne schiebe. Beim Rumprobieren habe ich festgestellt, dass der Virus IMMER auftaucht (und zwar SOFORT), wenn ich auf die 9gag.com gehe. Hierzu hatte ich jeweils eine Seite besucht, den Suchlauf gestartet und anschließend den Cache gelöscht. Meine Freundin hat exakt das gleiche Problem auch auf ihrem Rechner. Als ich an ihrem Rechner heute auf 9gag.com gegangen bin, ist auch bei Ihr der Fehler aufgetaucht. Bisher war das bei ihr nicht der Fall, da sie diese Seite sonst nicht besucht.

Zum ersten Mal ist dieser Virus aufgetaucht, nachdem ich einen USB-Stick an meinen PC angeschlossen hatte, den ich zuvor an einem PC (es war ein iMac von Apple) an der Fachhochschule angeschlossen hatte.

Anbei sende ich dir die geforderten Log-Files:

defogger:

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:10 on 13/07/2015 (******)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by ****** (administrator) on ****** on 13-07-2015 22:13:01
Running from C:\Users\******\Desktop
Loaded Profiles: ****** (Available Profiles: ******)
Platform: Windows 8.1 Pro N (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(SunplusIT, Inc.) C:\Program Files (x86)\Integrated Camera\Monitor.exe
(Dropbox, Inc.) C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [1004032 2014-02-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [341448 2015-03-27] (Lenovo Group Limited)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-08] (COMODO)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Integrated Camera_Monitor] => C:\Program Files (x86)\Integrated Camera\monitor.exe [1720696 2013-09-27] (SunplusIT, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-07-30] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2015-04-15] (BlackBerry Limited)
HKU\S-1-5-21-648624-2589984946-3326904889-1001\...\Run: [Dropbox Update] => C:\Users\******\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-648624-2589984946-3326904889-1001\...\MountPoints2: {37c4546d-0bd0-11e5-9c61-201a06c783c9} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-648624-2589984946-3326904889-1001\...\MountPoints2: {b35326ca-32e6-11e4-9c03-806e6f6e6963} - "D:\S3\Autorun.exe" 
HKU\S-1-5-21-648624-2589984946-3326904889-1001\...\MountPoints2: {c7af92ee-08ff-11e5-9c60-201a06c783c9} - "F:\LaunchU3.exe" -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-09-02]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-08-25]
ShortcutTarget: Dropbox.lnk -> C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-648624-2589984946-3326904889-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll [2014-10-06] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-10-06] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{062BDDCD-413C-4660-B390-0F14C718BF4C}: [DhcpNameServer] 31.209.184.234 31.209.184.235
Tcpip\..\Interfaces\{483A2030-A2AF-4B5D-AC22-4F0FCC49B5FB}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{CD675550-FE91-4D4D-8E80-FAA4CBD5C2C9}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\rlt8y14f.default
FF Homepage: www.google.de
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-09] ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll [2014-10-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll [2014-10-06] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-09] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2014-11-28] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\rlt8y14f.default\Extensions\abs@avira.com [2015-07-02]
FF Extension: FoxyProxy Standard - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\rlt8y14f.default\Extensions\foxyproxy@eric.h.jung [2015-05-30]
FF Extension: Adblock Plus - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\rlt8y14f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-25]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2015-04-15] (BlackBerry Limited)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-03-11] (Microsoft Corporation)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959192 2013-02-26] (Broadcom Corporation.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5541960 2015-06-08] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-06-08] (COMODO)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49136 2015-06-25] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
S3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6835784 2014-09-02] (Broadcom Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 BTWPANFL; C:\Windows\system32\drivers\btwpanfl.sys [44912 2013-01-20] (Broadcom Corporation.)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20672 2015-06-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820928 2015-06-05] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-06-05] (COMODO)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126696 2015-06-05] (COMODO)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2015-04-15] (BlackBerry Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2015-04-15] (Research in Motion Ltd)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288480 2012-12-13] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2013-10-30] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1515256 2013-10-09] (Sunplus)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 22:13 - 2015-07-13 22:13 - 00014721 _____ C:\Users\******\Desktop\FRST.txt
2015-07-13 22:12 - 2015-07-13 22:13 - 00000000 ____D C:\FRST
2015-07-13 22:11 - 2015-07-13 22:11 - 02133504 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2015-07-13 22:10 - 2015-07-13 22:10 - 00000000 _____ C:\Users\******\defogger_reenable
2015-07-10 19:35 - 2015-07-10 19:35 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-03 09:28 - 2015-07-05 16:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-28 21:05 - 2015-06-28 21:06 - 00001322 _____ C:\Users\******\Desktop\page_tsv.php
2015-06-25 19:05 - 2015-06-25 19:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-06-25 19:05 - 2015-06-25 19:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-06-16 06:57 - 2015-07-13 22:02 - 00001252 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-648624-2589984946-3326904889-1001UA.job
2015-06-16 06:57 - 2015-07-11 07:02 - 00001200 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-648624-2589984946-3326904889-1001Core.job
2015-06-16 06:57 - 2015-06-16 06:57 - 00004206 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-648624-2589984946-3326904889-1001UA
2015-06-16 06:57 - 2015-06-16 06:57 - 00003826 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-648624-2589984946-3326904889-1001Core
2015-06-16 06:57 - 2015-06-16 06:57 - 00000000 ____D C:\Users\******\AppData\Local\Dropbox
2015-06-16 06:57 - 2015-06-16 06:57 - 00000000 ____D C:\ProgramData\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 22:12 - 2014-12-15 07:13 - 00085176 _____ C:\Windows\system32\Drivers\fvstore.dat
2015-07-13 22:10 - 2014-08-24 20:31 - 00000000 ____D C:\Users\******
2015-07-13 22:08 - 2014-08-25 20:57 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2015-07-13 22:06 - 2014-08-24 20:31 - 01384655 _____ C:\Windows\WindowsUpdate.log
2015-07-13 22:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-13 21:55 - 2014-08-25 16:59 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{70CD939C-1548-455F-A8FA-77F618468B8B}
2015-07-13 21:43 - 2014-08-24 20:33 - 02139696 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-13 21:43 - 2013-08-23 01:26 - 01034068 _____ C:\Windows\system32\perfh007.dat
2015-07-13 21:43 - 2013-08-23 01:26 - 00248980 _____ C:\Windows\system32\perfc007.dat
2015-07-13 21:26 - 2014-08-27 14:12 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-13 15:28 - 2015-04-25 14:29 - 00000566 _____ C:\Windows\Tasks\MATLAB R2013b Startup Accelerator.job
2015-07-13 15:26 - 2014-08-25 17:12 - 00000000 ____D C:\Users\******\AppData\Roaming\Dropbox
2015-07-12 21:33 - 2014-09-02 23:39 - 12504164 _____ C:\Users\Public\CAFADEBUG.log
2015-07-12 16:41 - 2015-03-20 12:00 - 00000000 ____D C:\Users\******\AppData\Local\CrashDumps
2015-07-12 15:23 - 2014-09-30 17:31 - 00000000 ____D C:\Users\******\AppData\Roaming\vlc
2015-07-11 23:16 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-10 21:46 - 2014-08-24 20:36 - 00003592 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-648624-2589984946-3326904889-1001
2015-07-10 10:15 - 2013-08-22 16:45 - 00019033 _____ C:\Windows\setupact.log
2015-07-10 10:15 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-10 09:31 - 2015-04-15 19:34 - 00000385 _____ C:\Users\******\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-07-10 09:31 - 2015-04-15 19:34 - 00000385 _____ C:\Users\******\AppData\Roaming\Rim.Desktop.Exception.log
2015-07-09 22:26 - 2014-08-27 14:12 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-09 08:28 - 2014-08-26 00:16 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-09 08:28 - 2014-08-26 00:16 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-06 21:08 - 2015-04-30 13:26 - 00011995 _____ C:\Users\******\Desktop\Arbeitsstunden.xlsx
2015-07-05 16:52 - 2014-08-25 17:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-05 16:52 - 2014-08-24 20:27 - 00240634 _____ C:\Windows\PFRO.log
2015-07-05 15:06 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-30 16:33 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-28 21:15 - 2015-01-04 17:15 - 00000000 ____D C:\Users\******\AppData\Roaming\FileZilla
2015-06-28 14:59 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2015-06-25 23:30 - 2015-01-18 16:14 - 00002008 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2015-06-25 23:30 - 2015-01-18 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-06-25 23:30 - 2015-01-18 16:13 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2015-06-25 19:05 - 2014-11-16 18:36 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2015-06-25 19:05 - 2014-11-16 18:35 - 00000000 ____D C:\ProgramData\Lenovo
2015-06-25 19:05 - 2014-09-02 23:37 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-06-24 11:39 - 2014-12-26 10:18 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-19 21:57 - 2014-08-25 17:15 - 00000000 ____D C:\Users\******\AppData\Local\Microsoft Help
2015-06-17 19:58 - 2014-09-16 06:28 - 00000000 ____D C:\Users\******\.gimp-2.8
2015-06-16 15:13 - 2015-06-03 16:11 - 00000094 _____ C:\Users\******\psv.ini
2015-06-16 09:22 - 2015-06-08 16:43 - 00037706 _____ C:\Users\******\Desktop\Start_GT_2.vsdx
2015-06-13 07:36 - 2014-08-27 20:29 - 00000000 ____D C:\Users\******\AppData\Local\Adobe

==================== Files in the root of some directories =======

2014-09-28 10:06 - 2015-01-19 11:37 - 0023384 _____ () C:\Users\******\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2015-04-15 19:34 - 2015-07-10 09:31 - 0000385 _____ () C:\Users\******\AppData\Roaming\Rim.Desktop.Exception.log
2015-04-15 19:33 - 2015-04-15 19:33 - 0001111 _____ () C:\Users\******\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-04-15 19:34 - 2015-07-10 09:31 - 0000385 _____ () C:\Users\******\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-03-17 15:16 - 2015-03-17 15:16 - 0004096 ____H () C:\Users\******\AppData\Local\keyfile3.drm
2015-06-08 11:03 - 2015-06-08 11:03 - 0007159 _____ () C:\Users\******\AppData\Local\recently-used.xbel
2014-09-02 23:38 - 2014-09-02 23:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\******\AppData\Local\Temp\avgnt.exe
C:\Users\******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprbzugf.dll
C:\Users\******\AppData\Local\Temp\install_flashplayer14x32_ltr5x64d_awc_aih.exe
C:\Users\******\AppData\Local\Temp\install_flashplayer15x32au_ltr5x64d_awc_aih.exe
C:\Users\******\AppData\Local\Temp\install_reader11_de_mssa_aaa_aih.exe
C:\Users\******\AppData\Local\Temp\ose00000.exe
C:\Users\******\AppData\Local\Temp\ose00001.exe
C:\Users\******\AppData\Local\Temp\ose00002.exe
C:\Users\******\AppData\Local\Temp\PidGenX.dll
C:\Users\******\AppData\Local\Temp\SkypeSetup.exe
C:\Users\******\AppData\Local\Temp\tempdotnetinstall.exe
C:\Users\******\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-12 14:41

==================== End of log ============================
         
--- --- ---

--- --- ---


Die Fortsetzung der Files findest du in den folgenden Antworten.

Ich würde mich sehr freuen, falls mir jemand helfen kann.

Vielen Dank und einen schönen Abend,

Floorballref

Fortsetzung 1:

Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by ****** at 2015-07-13 22:13:57
Running from C:\Users\******\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-648624-2589984946-3326904889-500 - Administrator - Disabled)
****** (S-1-5-21-648624-2589984946-3326904889-1001 - Administrator - Enabled) => C:\Users\******
Gast (S-1-5-21-648624-2589984946-3326904889-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B20EB44C-5CF4-1ED1-EFB8-FE5E1F8AF49D}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 8.51.01 - )
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{E755A98B-F45F-4008-A1A5-FC4CB4D2177A}) (Version: 8.0.0.66 - Research In Motion Ltd)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.91 - Broadcom Corporation)
Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.00495 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.00495 - Cisco Systems, Inc.) Hidden
COMODO Internet Security Premium (HKLM\...\{D32EF4F9-1506-434E-A813-3D4C0AA50300}) (Version: 7.0.53315.4132 - COMODO Security Solutions Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.27.61 - Conexant)
Die Siedler III Gold Edition (HKLM-x32\...\S3) (Version:  - )
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-648624-2589984946-3326904889-1001\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
FileZilla Client 3.11.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.11.0.2 - Tim Kosse)
FluidEXL_Graphics_Stud_Eng_64 (HKLM\...\{5687F741-7915-4352-9497-60DBE76C357E}) (Version: 1.0.0 - Zittau/Goerlitz University of Applied Sciences)
Free Video Converter V 3.1 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Integrated Camera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.7.28 - SunplusIT)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.12 - )
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.6000 - Broadcom Corporation)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0037 - Lenovo)
LyX 2.1.3 (HKLM-x32\...\LyX213) (Version: 2.1.3 - LyX Team)
MATLAB R2013b (HKLM\...\Matlab R2013b) (Version: 8.2 - The MathWorks, Inc.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM-x32\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
NetBeans IDE 8.0.1 (HKLM\...\nbi-nb-base-8.0.1.0.201408251540) (Version: 8.0.1 - NetBeans.org)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.3 - Notepad++ Team)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29048 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-003B-0000-0000-0000000FF1CE}_Office15.PRJPROR_{115B7592-B71D-4C27-AB34-34268FB199CA}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeX Live 2014 (HKU\S-1-5-21-648624-2589984946-3326904889-1001\...\TeXLive2014) (Version: 2014 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PRJPROR_{04ADDEC1-208F-4295-AA61-16789EA56814}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.VISPROR_{04ADDEC1-208F-4295-AA61-16789EA56814}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.3-0 - Bitnami)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-648624-2589984946-3326904889-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-648624-2589984946-3326904889-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-648624-2589984946-3326904889-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-648624-2589984946-3326904889-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-648624-2589984946-3326904889-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-648624-2589984946-3326904889-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-648624-2589984946-3326904889-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-648624-2589984946-3326904889-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-648624-2589984946-3326904889-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-648624-2589984946-3326904889-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

24-06-2015 14:15:59 Windows Update
01-07-2015 17:49:26 Geplanter Prüfpunkt
09-07-2015 10:54:38 Windows Modules Installer

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08C7EB04-0006-476E-A157-2118F5B4C635} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-08] (COMODO)
Task: {168E9986-FB94-40CE-9AE3-CBC838966D44} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {1D2CE371-50BB-4B41-90AD-7AA3ED8EC721} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-24] (Adobe Systems Incorporated)
Task: {35C4E217-D355-4CF2-93F9-0F45E8DE6FBC} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-08] (COMODO)
Task: {4F26D67B-035E-45FC-A142-BDD815FB30EC} - System32\Tasks\{F825F7C1-2315-428F-B73A-E7DD3914823C} => pcalua.exe -a C:\BlueByte\Siedler3\s3.exe -d C:\BlueByte\Siedler3
Task: {5DB01EDF-9F41-40F2-94EC-661CDC75CBE0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-09] (Adobe Systems Incorporated)
Task: {727F7D35-6C6A-4F98-A9F3-784F19263952} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {7BCC23C2-A91B-48D3-8B0B-B615436A1398} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-08] (COMODO)
Task: {91B6A07E-79D3-463A-8BC2-8132EBF3AC78} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-08] (COMODO)
Task: {96FF9D9F-7D92-4112-B0E3-C98740D978D4} - System32\Tasks\MATLAB R2013b Startup Accelerator => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe [2015-04-25] ()
Task: {98030246-0E25-4A6D-B076-FAF5CD0DA204} - System32\Tasks\{BD9C797F-4495-4B91-8D2A-642BD59A0BD5} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?source=lightinstaller&page=tsMain
Task: {9BBE35FB-041A-48B7-AA1A-28E3BE474872} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2015-06-25] ()
Task: {A4152096-8EF4-42ED-BE55-D235BEA9A023} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-08] (COMODO)
Task: {A9585A23-63BB-4D1C-80DB-EAA92CF6CFE8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-648624-2589984946-3326904889-1001Core => C:\Users\******\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {BA60F30B-75B7-4792-8BB6-AF00FE8A698F} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-08] (COMODO)
Task: {C45EC623-4EA1-4836-A1CA-D7478C3653A9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {C7C0FCC1-9F16-4701-AE1B-0C56336F7025} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2015-01-18] (Microsoft Corporation)
Task: {EDEC8EDA-D2A2-4782-94E9-BB5DEFDBE988} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2015-01-18] (Microsoft Corporation)
Task: {F1484E24-EB26-4690-BF33-E4146BDD2D1D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-648624-2589984946-3326904889-1001UA => C:\Users\******\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-648624-2589984946-3326904889-1001Core.job => C:\Users\******\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-648624-2589984946-3326904889-1001UA.job => C:\Users\******\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2013b Startup Accelerator.job => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe

==================== Loaded Modules (Whitelisted) ==============

2014-07-04 21:33 - 2014-07-04 21:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-02-26 18:46 - 2013-02-26 18:46 - 00049368 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-09-02 23:39 - 2010-10-26 12:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2013-04-15 18:39 - 2015-01-09 00:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2012-08-03 21:53 - 2012-08-03 21:53 - 00062968 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-07-13 15:26 - 2015-07-13 15:26 - 00043008 _____ () c:\Users\******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprbzugf.dll
2015-06-16 06:57 - 2015-03-19 09:15 - 00750080 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-06-16 06:57 - 2015-03-19 09:15 - 00047616 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-06-16 06:57 - 2015-03-19 09:15 - 00865280 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-06-16 06:57 - 2015-03-19 09:15 - 00200704 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-06-16 06:57 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-06-16 06:57 - 2015-03-19 09:15 - 00726016 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-16 06:57 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\HelpPane.exe:$CmdTcID
AlternateDataStreams: C:\Windows\hh.exe:$CmdTcID
AlternateDataStreams: C:\Windows\IsUn0407.exe:$CmdTcID
AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\regedit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\splwow64.exe:$CmdTcID
AlternateDataStreams: C:\Windows\twain_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\winhlp32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\write.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\accessibilitycpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\acledit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aclui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\acppage.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\acproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ActionCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ActionCenterCPL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ActionQueue.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\activeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adhapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adhsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AdmTmpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adrclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adsldp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adsldpc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adsnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\advpack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aecache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aepdu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AepRoam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aitagent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\alg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AltTab.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amstream.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Apphlpdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppIdPolicyEngineApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appmgmts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppReadiness.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apprepapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apprepsync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appsruprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appwiz.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppxAllUserStore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppxApplicabilityEngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppXDeploymentClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppXDeploymentExtensions.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppXDeploymentServer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppxPackaging.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppxSip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppxStreamingDataSourcePS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppxSysprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ARP.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aspnet_counters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\asycfilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\at.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AtBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atlthunk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\attrib.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEndpointBuilder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\auditcse.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuditNativeSnapIn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuditPolicyGPInterop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthBroker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\authfwcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthFWGP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthFWSnapin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthFWWizFwk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthHostProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\authz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\autoconv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\autoplay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AutoWorkplaceN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\avicap32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\avifil32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\avrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AxInstSv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AxInstUI.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\azroles.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\azroleui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AzSqlExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\baaupdate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\backgroundTaskHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BackgroundTransferHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\basecsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\batmeter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcdboot.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcdprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcdsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BCP47Langs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bdaplgin.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bdechangepin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BdeHdCfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BdeHdCfgLib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bderepair.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bdesvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BdeSysprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bdeui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BdeUISrv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bdeunlock.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BFE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bidispl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BioCredProv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BitLockerDeviceEncryption.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BitLockerWizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BitLockerWizardElev.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsigd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsprx2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsprx3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsprx4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsprx5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsprx6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsprx7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\biwinrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\blb_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BluetoothApis.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bootcfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bootim.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BootMenuUX.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bootsect.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bootux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\brdgcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bridgeunattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BrokerLib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\browcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\browser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\browseui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bthci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BthHFSrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BthMtpContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bthpanapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BthpanContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bthprops.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BthRadioMedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bthserv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BthSQM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bthudtask.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\btpanui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Bubbles.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BulkOperationHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BWContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ByteCodeGenerator.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cabinet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cabview.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cacls.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\calc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CallButtons.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CallButtons.ProxyStub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\capisp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\catsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\catsrvps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cca.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cdd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cdosys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certca.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certCredProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certenc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CertEnroll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CertEnrollCtrl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CertEnrollUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CertPolEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certreq.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cfgbkend.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cfgmgr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cfmifs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cfmifsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\change.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chartv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chcp.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CheckNetIsolation.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chglogon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chgport.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chgusr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chkdsk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chkntfs.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chkwudrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\choice.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CHxReadingStringIME.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cipher.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CIRCoInst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clbcatq.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cleanmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cliconfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cliconfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clip.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CloudNotifications.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CloudStorageWizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clusapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmcfg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmdext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmdial32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmdkey.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmdl32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmifw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmlua.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmmon32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmpbk32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmstp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmstplua.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cngcredui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cnvfat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cofire.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cofiredm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\colbact.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\colorcpl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\colorui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\combase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comcat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comdlg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\compact.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CompMgmtLauncher.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CompPkgSup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\compstui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ComputerDefaults.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comrepl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comuid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ConfigureExpandedStorage.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\connect.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ConnectedAccountState.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ConsentUX.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\console.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\control.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\convert.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\correngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CredentialMigrationHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CredentialUIBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credwiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptcatsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptdlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CryptoWinRT.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\crypttpmeksvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptuiwizard.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptxml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CscMig.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CSystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ctfmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cttune.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cttunesvr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\C_G18030.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\C_IS2022.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\C_ISCII.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10core.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10level9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10_1core.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d11.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d8thk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_47.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dab.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dabapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DAConn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dafBth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DafPrintProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dafupnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dafWCN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dafWfdProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DAFWSD.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DAMM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DaOtpCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\das.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dasHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dataclen.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\datusage.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\davhlpr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dbgeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dbghelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dbnetlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dbnmpntw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dccw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dcomcnfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DDACLSys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ddodiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DDOIProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DDORes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ddpchunk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ddptrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ddputils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ddp_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ddraw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ddrawex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DefaultDeviceManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DefaultPrinterProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Defrag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\defragproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\defragsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\delegatorprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\desk.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\deskadp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\deskmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevDispItemProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\deviceaccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\deviceassociation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceDisplayStatusManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceDriverRetrievalClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceEject.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceElementSource.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceMetadataRetrievalClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevicePairing.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevicePairingFolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevicePairingProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevicePairingWizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceProperties.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\deviceregistration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceSetupManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceSetupManagerAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceUxRes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevPropMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devrtl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dfdts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DFDWiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dfp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DfpCommon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dfrgui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dfscli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DfsShlEx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcmonitor.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcore6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcsvc6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DHCPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DiagCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diagperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dialer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\difxapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dimsjob.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dinput.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dinput8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\discan.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskcomp.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskcopy.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskcopy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskpart.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskraid.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dispci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dispdiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dispex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Display.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DisplaySwitch.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\djoin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dllhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dllhst3g.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmdlgs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmdskmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmintf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmloader.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmocx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmsynth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmusic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmvdsitf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmview.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnscacheugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnsext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnshc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnsrslvr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\docprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\doskey.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3api.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3cfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Dot3Conn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3dlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3gpclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3gpui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3hc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3mm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3msm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3svc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3ui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpapimig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpapisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DpiScaling.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\driverquery.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drtprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drttransport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drvcfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drvinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drvstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsauth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DscCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DscCoreConfProv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsdmo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dskquota.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dskquoui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DsmUserTask.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsound.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsparse.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsquery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsrole.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dssec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dssenh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Dsui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsuiext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dswave.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dtsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dui70.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\duser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dvdplay.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dvdupgrd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwmredir.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DWWIN.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxdiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxdiagn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxgi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxgwdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DXP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxpps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Dxpserver.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DxpTaskSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxva2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Eap3Host.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eapp3hst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eappcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eappgnui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eapphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eappprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eapprovp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EAPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eapsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\easconsent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EaseOfAccessDialog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\easinvoker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\easinvoker.proxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\easwrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efsadu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efslsaext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efssvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efsui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efsutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efswrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EhStorAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EhStorAuthn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EhStorPwdMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EhStorShell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ELSCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\elshyph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\elslad.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\elsTrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\embeddedapplauncher.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EmbeddedAppLauncherConfig.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\encapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\energy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\energyprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\energytask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eqossnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\es.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\esent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\esentprf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\esentutl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eudcedit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EventAggregation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eventcls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eventcreate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eventvwr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\expand.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\extrac32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Faultrep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdBth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdBthProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FdDevQuery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdeploy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdPHost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdPnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdprint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FDResPub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdSSDP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdWCN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdWNet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdWSD.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\feclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhautoplay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhcat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhcleanup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhengine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhevents.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhlisten.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhmanagew.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhshl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhsrchapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhsrchph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhsvcctl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhtask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FileAppxStreamingDataSource.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\filemgmt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\find.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\findnetprinters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\findstr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\finger.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Firewall.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FirewallAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FirewallControlPanel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fltLib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fltMC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fmifs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fms.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Fondue.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fontext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fontview.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\forfiles.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\format.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fphc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\framedyn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\framedynos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\frprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fsavailux.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fsquirt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fsutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fsutilext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fthsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ftp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fundisc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fveapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fveapibase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fvecerts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fvecpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fvenotify.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fveprompt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fveskybackup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fveui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fvewiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fwcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSCOM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSCOMEX.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSCOMPOSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSCOVER.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSMON.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSROUTE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSST.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSSVC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXST30.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSTIFF.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSUNATD.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSUTILITY.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\g711codc.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gacinstall.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gameux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gcdef.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\GdiPlus.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\GeofenceMonitorService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\getmac.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\getuname.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\glcndFilter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\glmf32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\GlobCollationHost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\globinputhost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\glu32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpprefcl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpprnext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpresult.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gptext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpupdate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Groupinghc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\grpconv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hbaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hcproviders.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hdwwiz.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hdwwiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\help.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\HelpPaneProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hgcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hgprint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hhctrl.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hhsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hidphone.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hidserv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hnetcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hnetmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\HOSTNAME.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hotplug.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hotspotauth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\httpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\httpprxm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\httpprxp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\htui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hwrcomp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hwrreg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ias.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasads.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasdatastore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iashlpr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IasMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iaspolcy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasrad.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasrecst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iassam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iassdo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iassvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icacls.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icfupgd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icmui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IconCodecService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icsigd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icsunattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IdCtrls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IdListen.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\idndl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IDStore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ifmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ifsutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ifsutilx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igdDiag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IKEEXT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imaadp32.acm:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imagehlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imapi2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imapi2fs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\immersivetpmvscmgrsvr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetmib1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetpp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetppui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\InfDefaultInstall.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\input.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\InputSwitch.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inseng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\intl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ipconfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IPHLPAPI.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iphlpsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ipnathlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iprtprio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iprtrmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ipsecsnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ipsmsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\irclass.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\irftp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\irmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\irprops.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsicli.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsicpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsicpl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsidsc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsied.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsiexe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsium.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsiwmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsiwmiv2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\isoburn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\itircl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\itss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iuilp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iyuv_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\joy.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KdsCli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kdusb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kd_02_8086.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\keepaliveprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kernel.appcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kernelceip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KeyboardFilterCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KeyboardFilterSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\keyiso.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\keymgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\klist.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kmddsp.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KMSVC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\korwbrkr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ksetup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kstvtune.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Kswdmcap.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ksxbar.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ktmutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ktmw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\l2gpstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\l2nacp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\L2SecHC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\label.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LangCleanupSysprepAction.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LaunchTM.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\linkinfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ListSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\livessp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LldpNotify.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lltdapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lltdsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lmhsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\loadperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\localsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\localui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LocationApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LocationNotifications.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Locator.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LockScreenContent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LockScreenContentHost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LockScreenContentServer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lodctr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\loghours.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\logoff.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\logoncli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LogonUI.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpkinstall.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpksetup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpksetupproxyserv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpremove.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\luainstall.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Magnification.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Magnify.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\main.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaintenanceUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\makecab.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\manage-bde.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mapistub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MbaeApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MbaeApiPublic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MbaeParserTask.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MbaeXmlParser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mblctr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mbsmsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mbussdapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mcbuilder.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mciavi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mcicda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mciqtz32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mciseq.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mciwave.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\McxDriv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MDMAgent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mdminst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mdmregistration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MdRes.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MdSched.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MemoryDiagnostic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mf3216.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfc42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfc42u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfcsubs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mgmtapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mibincodec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MicrosoftAccountTokenProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\midimap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\migflt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\miguiresource.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mimefilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mimofcodec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MirrorDrvCompat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mispace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\miutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mlang.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmcbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmcico.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmcndmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmcshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmcss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MMDevAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmsys.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mobsync.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mode.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\modemui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\montr_ci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\more.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mountvol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Mpeg2Data.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mpg2splt.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mpnotify.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mpr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mprapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mprddm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mprdim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mprext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mprmsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MPSSVC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MRINFO.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MrmCoreR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MrmIndexer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaatext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msacm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msacm32.drv:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msadp32.acm:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msasn1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msauserext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mscandui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mscat32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msched.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSchedExe.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mscms.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msconfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctfime.ime:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsCtfMonitor.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctfui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctfuimanager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdadiag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdart.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdelta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdmo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdri.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdtc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdtckrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdtclog.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdtcprx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdtctm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdtcuiu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSDvbNP.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msftedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msg711.acm:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msgsm32.acm:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsiCofire.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msidcrl40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msident.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msidle.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msieftp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msiltcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msimg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msimtf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msinfo32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msisip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msiwer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mskeyprotcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mskeyprotect.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msls31.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSNP.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msoeacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msoert2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mspaint.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mspatcha.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mspatchc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msports.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msra.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrahc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrdc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrle32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msscntrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssha.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msshooks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssign32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssip32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssitlb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssphtb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssrch.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssvp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msTextPrediction.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msutb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcirt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcp60.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvfw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvidc32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSWB7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSWB70011.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSWB7001E.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSWB70404.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSWB70804.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msyuv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mtstocom.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mtxclu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mtxdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mtxex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\muifontsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MUILanguageCleanup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MuiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MultiDigiMon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mycomput.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mydocs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Mystify.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\napdsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NapiNSP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\napipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NAPMONTR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NAPSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Narrator.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NaturalLanguage6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nbtstat.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NcaApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NcaSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncbservice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NcdAutoSetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NcdProp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncobjapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncpa.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncryptprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncryptsslp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncuprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nddeapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndfapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndfetw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndfhcdiscovery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndiscapCfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndishc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NdisImPlatform.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nduprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\negoexts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\net.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\net1.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netbios.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netbtugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netcenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netcfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netcorehc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netdiagfx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NetEvtFwdr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netiohlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netiougc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netjoin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netlogon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netman.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netplwiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Netplwiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netprofm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netprofmsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netprovisionsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NetSetupApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netsh.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netshell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NETSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nettrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NetVscCoinstall.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\networkexplorer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\networkitemfactory.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NetworkStatus.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\newdev.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\newdev.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ninput.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NL7Data0011.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NL7Data001E.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NL7Data0404.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NL7Data0804.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlahc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlhtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlmgp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlmsprep.dll:$CmdTcID
         

Alt 13.07.2015, 22:04   #2
floorballref
 
Werde TrojWare.JS.Agend.PD@300743807 nicht los - Standard

Werde TrojWare.JS.Agend.PD@300743807 nicht los



Fortsetzung 2:

Code:
ATTFilter
AlternateDataStreams: C:\Windows\system32\NlsData0000.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0002.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0003.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0007.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0009.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData000a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData000c.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData000d.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData000f.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0010.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0018.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData001a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData001b.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData001d.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0020.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0021.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0022.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0024.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0026.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0027.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData002a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0039.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData003e.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0045.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0046.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0047.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0049.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData004a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData004b.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData004c.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData004e.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0414.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0416.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0816.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData081a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0c1a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Nlsdl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsLexicons0009.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nltest.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\normaliz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\npmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nrpsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nshhttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nshipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nsisvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nslookup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntasn1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntdsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntlanman.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntlanui2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntmarta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntprint.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntshrui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ocsetapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbc32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbcad32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbcbcp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbcconf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbcconf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbccp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbccr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbccu32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbctrac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OEMLicense.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\offfilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\offreg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ogldrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleacc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleacchooks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oledlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleprn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OnDemandConnRouteHelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\onex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\onexui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OobeFldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OpcServices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\openfiles.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\opengl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OpenWith.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OptionalFeatures.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\osbaseln.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OskSupport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\osuninst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\P2P.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\P2PGraph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\p2pnetsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\p2psvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PackageStateRoaming.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\panmap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PasswordOnWakeSettingFlyout.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PATHPING.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pautoenr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcacli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcaui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcaui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PCPKsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PCPTpm12.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcsvDevice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcwrun.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcwutl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pdhui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PeerDist.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PeerDistAD.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PeerDistCacheProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PeerDistCleaner.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PeerDistHttpTrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PeerDistSh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PeerDistSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PeerDistWSDDiscoProv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfctrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfdisk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfproc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PhotoMetadataHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PhotoScreensaver.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\photowiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PickerHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PING.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PkgMgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pla.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\plasrv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\playlistfolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PlaySndSrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PlayToDevice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PlayToManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PlayToStatusProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ploptin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pmcsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnidui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnpclean.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnppolicy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnpts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnpui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PnPUnattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PnPutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PNPXAssoc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PNPXAssocPrx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnrpauto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Pnrphc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnrpnsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnrpsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PortableDeviceSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pots.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\powercfg.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\powercfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\powercpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\powrprof.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ppcsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PresentationNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PresentationSettings.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prevhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\print.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PrintBrmUi.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PrintDialogHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PrintDialogs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\printfilterpipelineprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\printfilterpipelinesvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PrintIsolationHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PrintIsolationProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\printui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\printui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prncache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prnfldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prnntfy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prntvpt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\procinst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvcext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\propsys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\proquota.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\provcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\provsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\provthrd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ProximityCommon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ProximityCommonPal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ProximityRtapiPal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ProximityService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ProximityServicePal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ProximityUxHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prvdmofcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psisdecd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psisrndr.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PSModuleDiscoveryProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psmsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pstask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pstorec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\puiapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\puiobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PurchaseWindowsLicense.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PurchaseWindowsLicense.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pwlauncher.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pwlauncher.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pwrshplugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pwsso.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QAGENT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QAGENTRT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qappsrv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QCLIPROV.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qdv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qmgrprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qprocess.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QSHVHOST.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QSVRMGMT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Query.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\query.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\quser.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QUTIL.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qwave.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qwinsta.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RacEngn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\racpldlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\radardt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\radarrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RADCUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasadhlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasauto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasautou.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rascfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\raschap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\raschapext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasctrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rascustom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasdiag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasdial.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasdlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\raserver.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasgcw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasman.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasmans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasmbmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RASMM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasmontr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasmxs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasphone.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasplap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasppp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rastapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rastlsext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdbui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcfgex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpclip.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpencom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpendp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpinput.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RdpSa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RdpSaProxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RdpSaPs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RdpSaUacHelper.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdrleakdiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RDSAppXHelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdsdwmdr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RDSPnf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdvvmtransport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ReAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ReAgentc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ReAgentTask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\recimg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\recover.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\recovery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RecoveryDrive.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\reg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\regapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RegCtrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\regedt32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\regidle.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\regini.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Register-CimProvider.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\regsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\regsvr32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ReInfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rekeywiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RelPost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\remotepg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\remotesp.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RemoveDeviceContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RemoveDeviceElevated.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\repair-bde.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\replace.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\reset.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\reseteng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\resmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RestoreOptIn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\resutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rfxvmt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rgb9rast.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Ribbons.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\riched20.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\riched32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RMActivate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RMActivate_isv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RMActivate_ssp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RMActivate_ssp_isv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RMapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RmClient.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rmttpmvscmgrsvr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rnr20.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RoamingSecurity.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Robocopy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RotMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ROUTE.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RpcEpMap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RpcNs4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpcnsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RpcPing.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RpcRtRemote.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpcss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rsaenh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rshx32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RstrtMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rtffilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rtm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rtutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTWorkQ.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\runas.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rundll32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RunLegacyCPLElevated.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\runonce.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RuntimeBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rwinsta.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\samcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\samlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\samsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sas.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sbe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sbeio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scansetting.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SCardDlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SCardSvr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scavengeui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sccls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ScDeviceEnum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scecli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schedcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schtasks.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scksp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scripto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scrnsave.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scrobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scrptadm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scrrun.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdchange.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdclt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdhcinst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdiageng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdiagnhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdiagprv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdiagschd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdohlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SearchFilterHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SearchFolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SearchIndexer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SearchProtocolHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SecEdit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secproc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secproc_isv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secproc_ssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secproc_ssp_isv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sendmail.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Sens.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SensApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SensorsApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SensorsClassExtension.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SensorsCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sensrsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\serialui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\serwvdrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SessEnv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sessionmsg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sethc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SetNetworkLocation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SetProxyCredential.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setspn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SettingMonitor.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SettingsHandlers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SettingSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SettingSyncCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SettingSyncHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SettingSyncPolicy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setupapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setupcln.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setupugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setx.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sfc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sfc_os.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sharemediacpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SHCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shdocvw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shfolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shgina.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shimgvw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shlwapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shpafact.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shrpubw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shunimpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shutdown.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shwebsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\signdrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sigverif.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SimAuth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SimCfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sisbkup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SkyDrive.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SkyDriveShell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SkyDriveTelemetry.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SlideToShutDown.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\slpts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SmartcardCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SmartCardSimulator.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SmartScreenSettings.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SMBHelperClass.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\smbwmiv2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\smphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SmsDeviceAccessRevocation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SMSRouter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SndVol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SndVolSSO.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SnippingTool.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\snmpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\snmptrap.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SNTSearch.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\softkbd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\softpub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sort.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SortServer2003Compat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SortWindows61.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SortWindows6Compat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SoundRecorder.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SpaceAgent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SpaceControl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spbcd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spfileq.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SPInf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spmpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spoolss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spoolsv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spopk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sppnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sppobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwinsat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwizeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqlcecompact40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqlceoledb40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqlceqp40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqlcese40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqlsrv32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srchadmin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SRH.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srhelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srmclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srmscan.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srmshell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srmstormod.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srmtrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srm_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SrpUxNativeSnapIn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srrstr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SrTasks.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srumapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srumsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srvcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srvsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srwmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sscoreext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ssdpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ssdpsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SSShim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ssText3d.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sstpsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Startupscan.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\stclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sti.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\StikyNot.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sti_ci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\stobject.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\StorageContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\storagewmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\storagewmi_passthru.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\storewuauth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Storprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\StorSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\streamci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SubscriptionMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\subst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sud.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\svchost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\svsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\swprv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sxproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sxs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sxshared.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sxssrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sxsstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sxstrace.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\synceng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncEngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncHostps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncInfrastructure.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncInfrastructureps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Syncreg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\syncui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysclass.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysdm.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\syskey.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysmon.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysntfy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SysResetErr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\syssetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\systemcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemEventsBrokerServer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\systeminfo.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesAdvanced.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesComputerName.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesHardware.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesPerformance.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesProtection.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesRemote.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\systemreset.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemSettings.Handlers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemSettingsAdminFlows.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemSettingsDatabase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemSettingsRemoveDevice.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\systray.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\t2embed.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Tabbtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TabbtnEx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tabcal.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TabletPC.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TabSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\takeown.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tapi3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tapilua.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TapiMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tapiperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tapisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TapiSysprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TapiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskbarcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskeng.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskhostex.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskkill.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tasklist.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Taskmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskschd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TaskSchdPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tbs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tcmsetup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tcpipcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TcpipSetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tcpmib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tcpmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tcpmonui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TCPSVCS.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\telephon.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\termmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TetheringIeProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TetheringMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TetheringStation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\themecpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\themeservice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\themeui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\threadpoolwinrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\thumbcache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ThumbnailExtractionHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TimeBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TimeBrokerServer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\timedate.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TimeDateMUICallback.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\timeout.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TimeSyncTask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tlscsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tpmcompc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TpmInit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TpmTasks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tpmvsc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tpmvscmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tpmvscmgrsvr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tquery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TRACERT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\traffic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tree.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\trkwks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsbyuv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tscfgwmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSChannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tscon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsdiscon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tskill.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsmf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSTheme.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TtlsAuth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TtlsCfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TtlsExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tvratings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\twext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\twinapi.appcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\twinapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\twinui.appcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\twinui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\txflog.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\txfw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tzutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ucmhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\udhisapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uDWM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uexfat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ufat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UI0Detect.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UIAutomationCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uicom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uireng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UIRibbon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UIRibbonRes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ulib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umdmxfrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umpnpmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umpo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umpoext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umpowmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umrdp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\unattend.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\unimdm.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\system32\unimdmat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uniplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\unlodctr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\untfs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\upnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\upnpcont.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\upnphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ureg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usbceip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usbmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usbperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usbui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UserAccountBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UserAccountControlSettings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UserAccountControlSettings.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usercpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\userenv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\userinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\userinitext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UserLanguageProfileCallback.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UserLanguagesCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ustprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\utildll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Utilman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uudf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uxlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uxtheme.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VAN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Vault.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vaultcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VaultCmd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VaultRoaming.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vaultsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VBICodec.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbisurf.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vds.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vdsbas.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vdsdyn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vdsldr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vdsutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vdsvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vds_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\verclsid.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\verifier.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\verifier.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\version.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vfwwdm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vidcap.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\virtdisk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VmApplicationHealthMonitorProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vmbuspipe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VmdCoinstall.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vmictimeprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vmrdvcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vpnike.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vpnikeapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VscMgrPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vssadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vssapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vsstrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VSSVC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vss_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\w32time.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\w32tm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\w32topl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WABSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\waitfor.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WallpaperHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WavDest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wavemsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wbadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wbemcomn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wbengine.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wbiosrvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wcmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wcmcsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wcmsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WcnApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wcncsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WcnEapAuthProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WcnEapPeerProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WcnNetsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wcnwiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WcsPlugInService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01007.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdiasqmmodule.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdmaud.drv:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webservices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Websocket.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wecapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wecsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wecutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wephostsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\werconcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wercplsupport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WerFault.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WerFaultSecure.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wermgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wersvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\werui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wevtapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wevtfwd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wevtsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wevtutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wfapigp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wfdprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WfHC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WFS.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\where.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\whhelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\whoami.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiaacmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiaaut.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiadefui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiadss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiarpc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiascanprofiles.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiaservc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiashext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiatrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WiFiDisplay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wimgapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wimserv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winbici.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winbio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winbrand.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wincorlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Store.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Data.Pdf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Background.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Background.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Bluetooth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Custom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Custom.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Enumeration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Enumeration.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Geolocation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.PointOfService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Portable.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Printers.Extensions.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Scanners.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Sensors.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.SmartCards.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Usb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Globalization.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Globalization.Fontgroups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Graphics.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Graphics.Printing.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\windows.immersiveshell.serviceprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Media.Devices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Media.MediaControl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Media.SpeechSynthesis.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.Connectivity.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.HostName.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.Proximity.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.Vpn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Storage.ApplicationData.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Storage.Compression.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.System.Display.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.System.Profile.HardwareId.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.System.RemoteDesktop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.UI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.UI.Immersive.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.UI.Input.Inking.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.UI.Search.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Web.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Web.Http.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecsExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\windowslivelogin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winethc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinFax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininitext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Winlangdb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winlogonext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winmm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winmmbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinMsoIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winnsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinOpcIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winrnr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winrs.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winrscmd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winrshost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winrssrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinRtTracing.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSAT.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSATAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSCard.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winshfhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsku.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsockhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winspool.drv:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WINSRPC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSyncMetastore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSyncProviders.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinTypes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winusb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winver.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wisp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\witnesswmiv2provider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wkscli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wkspbroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wkspbrokerAx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wkssvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlancfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WLanConn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlandlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanext.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlangpui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WLanHC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanhlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlaninst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WlanMM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanmsm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanpref.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WlanRadioManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlansec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlansvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlansvcpal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Wldap32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wldp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlgpclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlidcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlidcredprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlidfdp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlidnsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlidprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlidsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlrmdr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WlS0WndH.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmiclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmicmiplugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmidcom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmiprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmitomi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmsgapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WofTasks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WofUtil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\workerdd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WorkFolders.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WorkfoldersControl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WorkFoldersGPExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WorkFoldersShell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\workfolderssvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wowreg32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Wpc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpccpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WpcMon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WpcWebSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpnapps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpncore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpninprc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpnpinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpnprv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpnsruprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\write.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ws2help.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscinterop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscisvif.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSCollect.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscui.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSDApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsdchngr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSDMon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSDPrintProxy.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSDScanProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSDScDrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsecedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsepno.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshbth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshcon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wship6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshirda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshnetbs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshqos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSHTCPIP.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsmplpxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsmprovhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsnmp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsock32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsqmcons.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSReset.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSShared.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSTPager.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wtsapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuaext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFCoinstaller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFPlatform.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFx02000.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wusa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUSettingsProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WwaApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WWAHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WWanAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwancfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwanconn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WWanHC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwaninst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwanmm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Wwanpref.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwanprotdim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WwanRadioManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwansvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xcopy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XInput1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XInput9_1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xmlfilter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xmllite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xmlprovi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xolehlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XpsFilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XpsGdiConverter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XpsPrint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XpsRasterService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xpsrchvw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xpsservices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XPSSHHDR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xpssvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xwizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xwizards.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xwreg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xwtpdui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xwtpw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\zipfldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\accessibilitycpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\acledit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\aclui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\acppage.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ActionCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ActionCenterCPL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\activeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AdmTmpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adrclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adsldp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adsldpc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adsnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\advpack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amstream.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Apphlpdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AppIdPolicyEngineApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appmgmts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apprepapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apprepsync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appwiz.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AppxAllUserStore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AppxApplicabilityEngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AppXDeploymentClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AppxPackaging.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AppxSip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ARP.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\aspnet_counters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\at.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AtBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atlthunk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\attrib.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuditNativeSnapIn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuditPolicyGPInterop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuthBroker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuthExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\authfwcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuthFWGP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuthFWSnapin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuthFWWizFwk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\authz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\autoconv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\autoplay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\avicap32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\avifil32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\avrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\azroles.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\azroleui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AzSqlExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\backgroundTaskHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BackgroundTransferHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\basecsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\batmeter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bcd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BCP47Langs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bcrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bdaplgin.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bidispl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BioCredProv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\biwinrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BluetoothApis.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bootcfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BRLM03A.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BROSNMP.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\browcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\browseui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BRRBTOOL.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bthprops.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bthudtask.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\btpanui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Bubbles.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BWContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ByteCodeGenerator.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cabinet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cabview.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cacls.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\calc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CallButtons.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CallButtons.ProxyStub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\capisp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\catsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\catsrvps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cca.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cdosys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certca.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certCredProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certenc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CertEnroll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CertEnrollCtrl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CertEnrollUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CertPolEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certreq.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cfgbkend.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cfgmgr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cfmifs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cfmifsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\chartv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\chcp.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CheckNetIsolation.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\chkdsk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\chkntfs.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\choice.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CHxReadingStringIME.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cipher.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clbcatq.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cleanmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cliconfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cliconfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clip.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CloudNotifications.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CloudStorageWizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clusapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmcfg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmdext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmdial32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmdkey.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmdl32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmifw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmlua.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmmon32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmpbk32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmstp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmstplua.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cngcredui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cnvfat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\colbact.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\colorcpl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\colorui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\combase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comcat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comdlg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\compact.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CompPkgSup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\compstui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ComputerDefaults.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comrepl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comuid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\connect.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ConnectedAccountState.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\console.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\control.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\convert.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CredentialMigrationHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CredentialUIBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credwiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptdlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CryptoWinRT.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\crypttpmeksvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptuiwizard.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptxml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cscapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cscdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cscobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ctfmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cttune.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cttunesvr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\C_G18030.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\C_IS2022.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\C_ISCII.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10core.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10level9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10_1core.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d11.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d8thk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_47.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dim700.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dramp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dxof.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dabapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DafPrintProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DaOtpCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dataclen.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\davhlpr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dbgeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dbghelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dbnetlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dbnmpntw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dccw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dcomcnfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DDACLSys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ddodiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DDOIProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DDORes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ddraw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ddrawex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DefaultDeviceManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DefaultPrinterProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\delegatorprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\desk.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\deskadp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\deskmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DevDispItemProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\deviceaccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\deviceassociation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DeviceCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DeviceDisplayStatusManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DevicePairing.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DevicePairingFolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DevicePairingProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DevicePairingWizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DeviceProperties.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DeviceUxRes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devrtl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dfrgui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dfscli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DfsShlEx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcmonitor.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcsvc6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DHCPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dialer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\difxapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dimsjob.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dinput.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dinput8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskcomp.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskcopy.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskcopy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskpart.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskraid.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dispex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Display.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DisplaySwitch.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dllhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dllhst3g.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmband.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmcompos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmdlgs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmdskmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmime.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmintf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmloader.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmocx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmstyle.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmsynth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmusic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmvdsitf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmview.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dnsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\docprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\doskey.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3api.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3cfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3dlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3gpclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3gpui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3hc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3msm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3ui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpapimig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DpiScaling.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dplaysvr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dplayx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpmodemx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpwsockx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\driverquery.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drtprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drttransport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drvinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drvstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsauth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsdmo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dskquota.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dskquoui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsound.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsparse.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsquery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsrole.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dssec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dssenh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Dsui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsuiext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dswave.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dtsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dui70.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\duser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dvdplay.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dvdupgrd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DWWIN.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxdiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxdiagn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxgi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DxpTaskSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxva2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eapp3hst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eappcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eappgnui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eapphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eappprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eapprovp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EAPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EaseOfAccessDialog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\easwrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\efsadu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\efscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\efsui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\efsutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\efswrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EhStorAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EhStorAuthn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EhStorPwdMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ELSCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\elshyph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\elslad.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\elsTrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\encapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eqossnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\es.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\esent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\esentprf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\esentutl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eudcedit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eventcls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eventcreate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eventvwr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\expand.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\extrac32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Faultrep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdBth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdBthProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FdDevQuery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdeploy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdPnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdprint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdSSDP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdWCN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdWNet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdWSD.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\feclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\filemgmt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\find.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\findnetprinters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\findstr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\finger.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FirewallAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FirewallControlPanel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fltLib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fltMC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fmifs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fms.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Fondue.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontview.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\forfiles.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\format.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fphc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\framedyn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\framedynos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\frprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fsutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fsutilext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ftp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fundisc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fwcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FXSAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FXSCOM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FXSCOMEX.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FXSEXT32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FXSXP32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\g711codc.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gameux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gcdef.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\GdiPlus.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\GeofenceMonitorService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\getmac.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\getuname.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\glcndFilter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\glmf32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\GlobCollationHost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\globinputhost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\glu32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpprefcl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpprnext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpresult.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gptext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpupdate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\grpconv.exe:$CmdTcID
         
__________________


Alt 13.07.2015, 22:04   #3
floorballref
 
Werde TrojWare.JS.Agend.PD@300743807 nicht los - Standard

Werde TrojWare.JS.Agend.PD@300743807 nicht los



Und Fortsetzung 3:
Code:
ATTFilter
AlternateDataStreams: C:\Windows\SysWOW64\hbaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hcproviders.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hdwwiz.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hdwwiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\help.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\HelpPaneProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hgcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hh.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hhctrl.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hhsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hidphone.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hidserv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hnetcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hnetmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\HOSTNAME.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\httpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\htui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ias.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasads.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasdatastore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iashlpr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IasMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iaspolcy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasrad.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasrecst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iassam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iassdo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iassvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icacls.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iccvid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icmui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IconCodecService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icsigd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icsunattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IdCtrls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\idndl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IDStore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ifmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ifsutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ifsutilx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imaadp32.acm:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imagehlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imapi2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imapi2fs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetmib1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\InfDefaultInstall.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\InputSwitch.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\intl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ipconfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IPHLPAPI.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iprtprio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iprtrmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ipsecsnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ipsmsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir32_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir41_32.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir41_qc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir41_qcx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir50_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir50_qc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir50_qcx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\irclass.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\irprops.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsicli.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsicpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsicpl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsidsc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsied.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsium.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsiwmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsiwmiv2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\isoburn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\itircl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\itss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iyuv_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\joy.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kernel.appcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KeyboardFilterCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\keyiso.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\keymgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kmddsp.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\korwbrkr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kstvtune.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Kswdmcap.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ksxbar.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ktmutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ktmw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\l2gpstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\l2nacp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\L2SecHC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\label.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\LaunchTM.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\linkinfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\loadperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\localsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\LocationApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\LocationNotifications.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lodctr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\loghours.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\logoncli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lsmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\luainstall.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Magnification.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Magnify.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\main.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\makecab.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MbaeApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MbaeApiPublic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mbsmsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mbussdapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mcbuilder.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mciavi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mcicda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mciqtz32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mciseq.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mciwave.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mdminst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mdmregistration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mf3216.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc42u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfcsubs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mgmtapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mibincodec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MicrosoftAccountTokenProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\midimap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\miguiresource.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mimefilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mimofcodec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MirrorDrvCompat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mispace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\miutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mlang.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmcbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmcico.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmcndmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmcshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MMDevAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmsys.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mobsync.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mode.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\modemui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\more.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mountvol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Mpeg2Data.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mpg2splt.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mpr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mprapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mprddm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mprdim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mprext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mprmsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MRINFO.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MrmCoreR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MrmIndexer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaatext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msacm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msacm32.drv:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msadp32.acm:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msasn1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscandui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscat32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscms.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscpxl32.dLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctfime.ime:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MsCtfMonitor.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctfui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctfuimanager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdadiag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdart.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdelta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdmo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdtcprx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdtcuiu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSDvbNP.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msftedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msg711.acm:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msgsm32.acm:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msidcrl40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msident.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msidle.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msieftp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msiltcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msimg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msimtf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msinfo32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msisip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msiwer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mskeyprotcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mskeyprotect.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msls31.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSNP.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msoeacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msoert2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mspaint.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mspatcha.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mspatchc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msports.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msra.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrdc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrle32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msscntrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msscript.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssha.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msshooks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssign32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssip32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssitlb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MsSpellCheckingFacility.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MsSpellCheckingHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssphtb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssrch.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssvp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msutb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcirt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcp60.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvfw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvidc32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSWB7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSWB70011.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSWB7001E.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSWB70404.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSWB70804.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mswsock.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msyuv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtstocom.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtxclu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtxdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtxex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtxlegih.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\muifontsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MuiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mycomput.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mydocs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Mystify.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\napdsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NapiNSP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\napipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NAPMONTR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NAPSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Narrator.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NaturalLanguage6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NcaApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NcdProp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncobjapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncpa.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncryptprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncryptsslp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nddeapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndfapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndfetw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndfhcdiscovery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndiscapCfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndishc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\negoexts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\net.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\net1.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netbios.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netbtugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netcenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netcorehc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netdiagfx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netiohlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netiougc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netjoin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netlogon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netplwiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Netplwiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netprofm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netprovisionsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netsh.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netshell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NETSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\networkexplorer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\networkitemfactory.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\newdev.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\newdev.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ninput.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NL7Data0011.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NL7Data001E.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NL7Data0404.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NL7Data0804.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlhtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlmgp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlmsprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0000.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0002.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0003.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0007.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0009.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData000a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData000c.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData000d.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData000f.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0010.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0018.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData001a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData001b.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData001d.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0020.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0021.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0022.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0024.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0026.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0027.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData002a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0039.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData003e.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0045.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0046.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0047.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0049.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData004a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData004b.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData004c.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData004e.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0414.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0416.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0816.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData081a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0c1a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Nlsdl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsLexicons0009.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\normaliz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\npmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nshhttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nshipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nslookup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntasn1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntdsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntlanman.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntlanui2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntmarta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntprint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntprint.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntshrui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\objsel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ocsetapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbc32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcad32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcbcp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcconf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcconf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbccp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbccr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbccu32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcji32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcjt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbctrac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oddbse32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odexl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odfox32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odpdx32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odtext32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OEMLicense.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\offfilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\offreg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ogldrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleacc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleacchooks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\olecli32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oledlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleprn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\olepro32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\olesvr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\olethk32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OnDemandConnRouteHelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\onex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\onexui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OobeFldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OpcServices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\openfiles.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\opengl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OpenWith.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\osbaseln.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\osk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OskSupport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\osuninst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\P2P.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\P2PGraph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\p2pnetsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PackageStateRoaming.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\panmap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PasswordOnWakeSettingFlyout.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PATHPING.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pautoenr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pcacli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pcaui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pcaui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PCPKsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PCPTpm12.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pdhui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PeerDist.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PeerDistSh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfctrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfdisk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfproc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PhotoMetadataHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PhotoScreensaver.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\photowiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PickerHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PING.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PkgMgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pla.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\playlistfolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PlaySndSrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PlayToDevice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PlayToManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PlayToStatusProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pnrpnsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\polstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pots.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\powercfg.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\powercfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\powercpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\powrprof.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PresentationNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prevhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\print.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PrintConfig.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PrintDialogs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\printui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\printui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prncache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prnfldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prnntfy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prntvpt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\profapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\profext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\propsys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\proquota.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\provcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\provsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\provthrd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ProximityCommon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ProximityCommonPal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ProximityRtapiPal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prvdmofcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\psapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\psisdecd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\psisrndr.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PSModuleDiscoveryProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\psr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pstorec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\puiapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\puiobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pwrshplugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\QAGENT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\QCLIPROV.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qdv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qmgrprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\QSHVHOST.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\QSVRMGMT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Query.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\QUTIL.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qwave.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RacEngn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\racpldlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\radardt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\radarrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RADCUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasadhlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasautou.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rascfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\raschap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\raschapext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasctrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasdiag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasdial.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasdlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\raserver.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasgcw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasman.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasmontr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasmxs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasphone.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasplap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasppp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rastapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rastlsext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdpencom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdpendp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RdpSa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RdpSaProxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RdpSaPs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RdpSaUacHelper.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdrleakdiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdvvmtransport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ReAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ReAgentc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\recover.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\reg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\regapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RegCtrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\regedit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\regedt32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\regini.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Register-CimProvider.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\regsvr32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ReInfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rekeywiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\remotepg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\remotesp.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RemoveDeviceContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RemoveDeviceElevated.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\replace.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\resmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RestoreOptIn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\resutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rgb9rast.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Ribbons.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\riched20.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\riched32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_isv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RmClient.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rnr20.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Robocopy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ROUTE.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RpcNs4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rpcnsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RpcPing.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RpcRtRemote.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rsaenh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rshx32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RstrtMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rtffilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rtm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rtutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RTWorkQ.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\runas.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rundll32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RunLegacyCPLElevated.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\runonce.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\samcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\samlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sas.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sbe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sbeio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scansetting.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SCardDlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scecli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schedcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schtasks.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scksp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scripto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scrnsave.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scrobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scrptadm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scrrun.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdchange.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdiageng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdiagnhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdiagprv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdohlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SearchFilterHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SearchFolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SearchIndexer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SearchProtocolHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SecEdit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secproc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secproc_isv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp_isv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sendmail.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SensApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SensorsApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SensorsCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\serialui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\serwvdrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SessEnv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sethc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SettingMonitor.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SettingSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncPolicy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setupapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setupcln.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setupugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setx.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sfc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sfc_os.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SHCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shdocvw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shfolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shgina.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shimgvw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shlwapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shpafact.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shrpubw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shunimpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shutdown.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shwebsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\signdrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SimAuth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SimCfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sisbkup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SkyDriveShell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\slpts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SmartScreenSettings.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SMBHelperClass.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\smphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SndVol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SndVolSSO.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\snmpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\softkbd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\softpub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sort.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SortServer2003Compat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SortWindows61.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SortWindows6Compat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spbcd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spfileq.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SPInf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spopk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwinsat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwizeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqlcecompact40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqlceoledb40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqlceqp40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqlcese40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqlsrv32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srchadmin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SRH.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srmclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srmscan.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srmshell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srmstormod.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srmtrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srm_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SrpUxNativeSnapIn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srumapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srumsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srvcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ssdpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SSShim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ssText3d.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Startupscan.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\stclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sti.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\stobject.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\StorageContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\storagewmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\storagewmi_passthru.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Storprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\StorSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\StructuredQuery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\subst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sud.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\svchost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sxproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sxs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sxshared.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sxsstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sxstrace.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SyncCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\synceng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SyncHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SyncHostps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SyncInfrastructure.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SyncInfrastructureps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Syncreg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\syncui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sysdm.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\syskey.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sysmon.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\syssetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\systemcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\systeminfo.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesComputerName.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesHardware.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesPerformance.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesProtection.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesRemote.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\systray.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\t2embed.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\takeown.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tapi3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TapiMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tapiperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tapisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TapiSysprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TapiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\taskcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\taskeng.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\taskkill.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tasklist.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Taskmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\taskschd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TaskSchdPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tbs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tcmsetup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tcpipcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tcpmib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tcpmonui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TCPSVCS.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\telephon.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\termmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\themecpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\themeui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\threadpoolwinrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\thumbcache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ThumbnailExtractionHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TimeBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\timedate.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TimeDateMUICallback.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\timeout.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tlscsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tpmcompc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TpmInit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tquery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TRACERT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\traffic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tree.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tsbyuv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSChannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tsmf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSTheme.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSWorkspace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TtlsAuth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TtlsCfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TtlsExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tvratings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\twext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\twinapi.appcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\twinapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\twinui.appcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\twinui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\txflog.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\txfw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tzutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ucmhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\udhisapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uexfat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ufat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UIAnimation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UIAutomationCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uicom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uireng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UIRibbon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UIRibbonRes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ulib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\umdmxfrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\unimdm.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\unimdmat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uniplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\unlodctr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\untfs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\upnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\upnpcont.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\upnphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ureg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usbceip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usbperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usbui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UserAccountBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UserAccountControlSettings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UserAccountControlSettings.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usercpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\userenv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\userinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\userinitext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UserLanguageProfileCallback.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UserLanguagesCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ustprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\utildll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Utilman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uudf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uxlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uxtheme.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\VAN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Vault.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vaultcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\VBICodec.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbisurf.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vdmdbg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vds_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\verclsid.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\verifier.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\verifier.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\version.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vfwwdm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vidcap.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\virtdisk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vpnikeapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\VscMgrPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vssadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vssapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vsstrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vss_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\w32tm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\w32topl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WABSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\waitfor.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wavemsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wbemcomn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wcmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WcnApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wcnwiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WcsPlugInService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdmaud.drv:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\webio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\webservices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Websocket.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wecapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wecutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WerFault.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WerFaultSecure.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wermgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\werui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wevtapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wevtfwd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wevtutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wfapigp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wfdprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WfHC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\where.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\whhelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\whoami.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiaacmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiaaut.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiadefui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiadss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiascanprofiles.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiashext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiatrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wimgapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winbio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winbrand.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wincorlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wincredprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Background.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Background.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Custom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Custom.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Enumeration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Enumeration.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Geolocation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Portable.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Printers.Extensions.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Globalization.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Globalization.Fontgroups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Graphics.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Devices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.SpeechSynthesis.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Proximity.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Storage.Compression.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.Display.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.Profile.HardwareId.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.RemoteDesktop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Search.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Web.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Web.Http.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecsExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\windowslivelogin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinFax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winhttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininitext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Winlangdb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winmm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winmmbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinMsoIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winnsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinOpcIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winrnr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winrs.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winrscmd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winrshost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winrssrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinRtTracing.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinSATAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinSCard.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winshfhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winsku.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winsockhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winspool.drv:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WINSRPC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinSyncMetastore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinSyncProviders.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinTypes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winusb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winver.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wisp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wkscli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wkspbrokerAx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlancfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WLanConn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlandlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanext.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlangpui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanhlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlaninst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WlanMM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanmsm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanpref.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlansec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Wldap32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlgpclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlidcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlidcredprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlidfdp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlidnsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlidprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WlS0WndH.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmiclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmidcom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmiprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmitomi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmsgapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wowreg32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Wpc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wpnapps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\write.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ws2help.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscinterop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscisvif.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscui.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSDApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsdchngr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsecedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshbth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshcon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wship6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshirda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshqos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSHTCPIP.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsmplpxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsmprovhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsnmp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsock32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSShared.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSTPager.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wtsapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wusa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WwaApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WWAHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WWanAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wwapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xcopy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XInput1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XInput9_1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xmlfilter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xmllite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xmlprovi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xolehlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XpsFilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XpsGdiConverter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XpsPrint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XpsRasterService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xpsrchvw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xpsservices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XPSSHHDR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xpssvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xwizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xwizards.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xwreg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xwtpdui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xwtpw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\zipfldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\acpi.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\agilevpn.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ahcache.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\bridge.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\bthenum.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\bthhfenum.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\bthport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\BTHUSB.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Classpnp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\csc.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dumpsd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\fltMgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\fsdepends.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\hidbth.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\i8042prt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\kbdclass.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\kbdhid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mouclass.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mouhid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mpsdrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mslldp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ndiscap.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\NdisImPlatform.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ndistapi.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ndproxy.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Ndu.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\netbios.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\netvsc63.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nsiproxy.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nwifi.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\pacer.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\qwavedrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rasacd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rassstp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\refs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rfcomm.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\RimSerial_AMD64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\RimUsb_AMD64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rootmdm.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\scfilter.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\sdbus.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\sermouse.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\spaceport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\swenum.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tbs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbGD.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\UCX01000.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\udfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbcir.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\USBHUB3.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbvideo.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\USBXHCI.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vhdmp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vmbkmcl.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vmbus.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vmstorfl.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vpci.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wanarp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WdBoot.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WdFilter.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WdNisDrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wfplwfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wimmount.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\winhv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wpcfltr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WSDScan.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WUDFPf.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WUDFRd.sys:$CmdTcID
AlternateDataStreams: C:\Users\******\Desktop\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\******\Desktop\FRST64.exe:$CmdZnID

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-648624-2589984946-3326904889-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{06CB7C48-1DC9-4F92-A179-F340FCBA042E}] => (Allow) C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{ABC8AC03-DC1F-4DB2-BBE2-53AA657FD912}] => (Allow) C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{5ABE83CF-91AC-4AC4-A9E5-84B703A6CEAF}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{49352D94-6DBE-4598-97D3-7FD33E561534}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{9F232194-E9A0-49A9-B098-16A2EECA620F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7E3DE873-86D6-4541-B575-AABB967162AF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0F812CC8-BC3F-426A-B96E-1FFE6ED39AEF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7ADA8943-D709-4036-9E42-FCE05D809D4F}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{E8B1D7BF-B5D8-4872-B884-01EAB910B9B5}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{127FEBF4-CF6E-4B6C-9465-4E46EF66B9C0}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{90B8D754-8361-4B2E-9E35-9ED74C742CFA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{59426891-681B-4854-A77D-388790294043}C:\users\******\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\******\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{3BFA8F53-280F-4FCF-8637-11BFF1124EC4}C:\users\******\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\******\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{216D1DB6-304F-44B6-B240-5B61271C4A9C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{836807EF-AC8F-4A91-8E0C-63E06D87D6CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{85DDF3ED-EACD-4C53-B92B-6C1E27A0B974}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{FC75C7FD-4514-44C4-AF42-33ECE72D8BBE}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{4CF1A931-E636-493D-A95D-A48E3536C19F}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{AA3C383E-0C74-4EC5-8C4C-E8C31312F07C}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{F8872A7F-9AE8-41B9-9A1D-41EB720B9F0D}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{FE7CF15E-DE5E-4041-AD37-C6D23C79AC1B}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{881CEF3D-A8C0-4262-A955-F41177CA15FE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F3F80B63-0CE8-4E61-AF39-8ADD8610A133}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{0ED41588-CD6F-416A-8297-840FF596A760}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{B8584E10-C74B-43E8-9ADC-03BEC369BA14}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{39848E55-8E7A-4D73-9D7C-DB349899CA35}] => (Allow) LPort=4481
FirewallRules: [{6D8C6DC6-924C-4C82-A643-CBF220C7A10A}] => (Allow) LPort=4481
FirewallRules: [{3E0B74F4-F637-49CC-BF5E-E292729BEB92}] => (Allow) LPort=4482
FirewallRules: [{DF895689-4091-484B-869A-D5B18DA37FD4}] => (Allow) LPort=4482
FirewallRules: [TCP Query User{5603776D-4A8B-4C93-92F0-AD2271A6D1DB}C:\bluebyte\siedler3\s3.exe] => (Block) C:\bluebyte\siedler3\s3.exe
FirewallRules: [UDP Query User{0029B19B-2382-4EF6-9E5D-B7C95B65FD7A}C:\bluebyte\siedler3\s3.exe] => (Block) C:\bluebyte\siedler3\s3.exe
FirewallRules: [{6D486630-FDAB-43F7-B61D-2887B6AD4E5F}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{BCBF5B52-84E6-4964-BC4A-B631A1C1D5F1}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/12/2015 04:41:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17668, Zeitstempel: 0x54c850f5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000039a5a
ID des fehlerhaften Prozesses: 0xdf8
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5

Error: (07/11/2015 11:46:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RIMDeviceManager.exe, Version: 8.0.0.55, Zeitstempel: 0x5478a7c0
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc000041d
Fehleroffset: 0x02cf7c30
ID des fehlerhaften Prozesses: 0x1508
Startzeit der fehlerhaften Anwendung: 0xRIMDeviceManager.exe0
Pfad der fehlerhaften Anwendung: RIMDeviceManager.exe1
Pfad des fehlerhaften Moduls: RIMDeviceManager.exe2
Berichtskennung: RIMDeviceManager.exe3
Vollständiger Name des fehlerhaften Pakets: RIMDeviceManager.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RIMDeviceManager.exe5

Error: (07/11/2015 11:16:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17668, Zeitstempel: 0x54c850f5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000039a5a
ID des fehlerhaften Prozesses: 0x1560
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5

Error: (07/10/2015 10:26:43 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (07/10/2015 09:31:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17668, Zeitstempel: 0x54c850f5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000039a5a
ID des fehlerhaften Prozesses: 0x95c
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5

Error: (07/09/2015 10:54:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (07/09/2015 10:53:59 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).

Error: (07/09/2015 09:53:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (07/04/2015 04:05:00 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (07/04/2015 11:04:18 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)


System errors:
=============
Error: (07/13/2015 09:55:25 PM) (Source: DCOM) (EventID: 10010) (User: ******)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/13/2015 09:54:54 PM) (Source: DCOM) (EventID: 10010) (User: ******)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/13/2015 05:03:28 PM) (Source: DCOM) (EventID: 10010) (User: ******)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/13/2015 05:02:57 PM) (Source: DCOM) (EventID: 10010) (User: ******)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/12/2015 07:06:38 PM) (Source: DCOM) (EventID: 10010) (User: ******)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/12/2015 07:06:08 PM) (Source: DCOM) (EventID: 10010) (User: ******)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/12/2015 05:26:30 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (07/11/2015 11:46:27 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/11/2015 11:46:27 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/11/2015 11:46:27 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office:
=========================
Error: (03/17/2015 11:40:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1951 seconds with 1080 seconds of active time.  This session ended with a crash.

Error: (03/02/2015 07:39:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15125 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/25/2015 04:13:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 28406 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/24/2015 05:26:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17187 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/16/2015 09:35:26 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 82893 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (12/12/2014 09:29:06 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5470 seconds with 3600 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-07-13 22:10:23.499
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-13 21:35:36.130
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-13 21:20:29.750
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-13 20:54:22.907
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-13 20:40:25.855
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-13 17:48:10.610
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-13 17:40:08.153
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-13 17:29:48.332
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-13 17:20:28.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-13 15:29:27.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 58%
Total physical RAM: 3224.75 MB
Available physical RAM: 1351.73 MB
Total Virtual: 3864.75 MB
Available Virtual: 1416.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:78.03 GB) (Free:22.43 GB) NTFS
Drive d: (S3gold1_g) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Drive e: () (Fixed) (Total:154.76 GB) (Free:48.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BE9185AF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=154.8 GB) - (Type=07 NTFS)

==================== End of log ============================
         
Gmer:

Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-13 22:22:10
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002c Samsung_SSD_840_Series rev.DXT08B0Q 232,89GB
Running: rsny25bw.exe; Driver: C:\Users\FRANCE~1\AppData\Local\Temp\pxldypog.sys


---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [4068:2180]  fffff960009372d0

---- EOF - GMER 2.1 ----
         
__________________

Alt 13.07.2015, 22:11   #4
floorballref
 
Werde TrojWare.JS.Agend.PD@300743807 nicht los - Standard

Werde TrojWare.JS.Agend.PD@300743807 nicht los



Und zuletzt noch die Antiviren-Ereignisse von COMODO. Hier gibt es allerdings immer nur eine HTML-Datei, die hier auch nicht wirklich schön zu lesen ist. Ich hoffe, das ist so ausreichend, leider konnte ich mehr nicht finden.

Code:
ATTFilter
Datum 	Ort 	Name der Malware 	Aktion 	Status
2015-07-13 21:49:04  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\5F3B4D53F2C830D0D01337237A1D2943643757B9|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\5F3B4D53F2C830D0D01337237A1D2943643757B9  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-07-13 21:48:58  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\5F3B4D53F2C830D0D01337237A1D2943643757B9|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\5F3B4D53F2C830D0D01337237A1D2943643757B9  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-07-13 21:30:48  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\FAB42361D0FA58D9C17C143F207D7BAA4988A995|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\FAB42361D0FA58D9C17C143F207D7BAA4988A995  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-07-13 21:30:28  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\FAB42361D0FA58D9C17C143F207D7BAA4988A995|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\FAB42361D0FA58D9C17C143F207D7BAA4988A995  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-07-13 21:30:01  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\5F3B4D53F2C830D0D01337237A1D2943643757B9|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\5F3B4D53F2C830D0D01337237A1D2943643757B9  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-07-13 21:29:34  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\5F3B4D53F2C830D0D01337237A1D2943643757B9|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\5F3B4D53F2C830D0D01337237A1D2943643757B9  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-07-13 21:28:14  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\5F3B4D53F2C830D0D01337237A1D2943643757B9|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\5F3B4D53F2C830D0D01337237A1D2943643757B9  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-07-13 21:27:27  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\5F3B4D53F2C830D0D01337237A1D2943643757B9|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\5F3B4D53F2C830D0D01337237A1D2943643757B9  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-07-13 21:12:33  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\5F3B4D53F2C830D0D01337237A1D2943643757B9|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\5F3B4D53F2C830D0D01337237A1D2943643757B9  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-07-13 21:12:20  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\5F3B4D53F2C830D0D01337237A1D2943643757B9|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\5F3B4D53F2C830D0D01337237A1D2943643757B9  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-07-13 20:45:58  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\5F3B4D53F2C830D0D01337237A1D2943643757B9|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\5F3B4D53F2C830D0D01337237A1D2943643757B9  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-07-13 20:26:42  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\5F3B4D53F2C830D0D01337237A1D2943643757B9|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\5F3B4D53F2C830D0D01337237A1D2943643757B9  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-07-03 13:37:09  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\C709318AFB2F9117DE3CACBE5DDDCCB7DC999F45|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\C709318AFB2F9117DE3CACBE5DDDCCB7DC999F45  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-07-01 13:07:46  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\673496F115759AEE45BB29DACEA613776A841952|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\673496F115759AEE45BB29DACEA613776A841952  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-07-01 13:07:46  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\17F4FE502B0D7327466456237EE0E4B536512208|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\17F4FE502B0D7327466456237EE0E4B536512208  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-07-01 12:58:23  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\673496F115759AEE45BB29DACEA613776A841952|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\673496F115759AEE45BB29DACEA613776A841952  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-07-01 12:57:23  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\17F4FE502B0D7327466456237EE0E4B536512208|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\17F4FE502B0D7327466456237EE0E4B536512208  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-06-29 22:26:15  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\17F4FE502B0D7327466456237EE0E4B536512208|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\17F4FE502B0D7327466456237EE0E4B536512208  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-06-29 20:36:47  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\17F4FE502B0D7327466456237EE0E4B536512208|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\17F4FE502B0D7327466456237EE0E4B536512208  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-06-28 15:15:23  	c:\users\francesco\appdata\local\mozilla\firefox\profiles\rlt8y14f.default\cache2\entries\318f07fccca3e45e4685c673c172edd0db076f30|c:\users\francesco\appdata\local\mozilla\firefox\profiles\rlt8y14f.default\cache2\entries\318f07fccca3e45e4685c673c172edd0db076f30  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-06-28 15:07:12  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\318F07FCCCA3E45E4685C673C172EDD0DB076F30|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\318F07FCCCA3E45E4685C673C172EDD0DB076F30  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-06-26 12:32:30  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\318F07FCCCA3E45E4685C673C172EDD0DB076F30|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\318F07FCCCA3E45E4685C673C172EDD0DB076F30  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-06-18 13:49:01  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\94176C1CDDF5210ABCB0ACFB39A4342816930504|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\94176C1CDDF5210ABCB0ACFB39A4342816930504  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-06-18 13:34:54  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\94176C1CDDF5210ABCB0ACFB39A4342816930504|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\94176C1CDDF5210ABCB0ACFB39A4342816930504  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-05-29 15:25:57  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\366CC404E579F44998233C16C6F950124B8255D8|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\366CC404E579F44998233C16C6F950124B8255D8  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-05-29 13:43:17  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\366CC404E579F44998233C16C6F950124B8255D8|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\366CC404E579F44998233C16C6F950124B8255D8  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-05-18 11:43:16  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\61E193BA72AE42E472261220C7AB7D8708AC9B43|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\61E193BA72AE42E472261220C7AB7D8708AC9B43  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-05-18 08:48:18  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\61E193BA72AE42E472261220C7AB7D8708AC9B43|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\61E193BA72AE42E472261220C7AB7D8708AC9B43  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-05-15 16:37:59  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\61E193BA72AE42E472261220C7AB7D8708AC9B43|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\61E193BA72AE42E472261220C7AB7D8708AC9B43  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-05-08 17:56:23  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\3ACAE8C4586B83D25B7503916DC1EA2F0A67A38A|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\3ACAE8C4586B83D25B7503916DC1EA2F0A67A38A  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-05-08 17:56:23  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\61E193BA72AE42E472261220C7AB7D8708AC9B43|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\61E193BA72AE42E472261220C7AB7D8708AC9B43  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-05-08 17:56:23  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\E8BACBF99F9D0C95EB214E634CE036AEBBEEF71F|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\E8BACBF99F9D0C95EB214E634CE036AEBBEEF71F  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-05-08 17:56:23  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\614701E317CE6007CBEEF4B97163D54D3983EA6F|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\614701E317CE6007CBEEF4B97163D54D3983EA6F  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-05-08 15:36:27  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\E8BACBF99F9D0C95EB214E634CE036AEBBEEF71F|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\E8BACBF99F9D0C95EB214E634CE036AEBBEEF71F  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-05-08 15:35:02  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\614701E317CE6007CBEEF4B97163D54D3983EA6F|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\614701E317CE6007CBEEF4B97163D54D3983EA6F  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-05-08 15:35:02  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\61E193BA72AE42E472261220C7AB7D8708AC9B43|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\61E193BA72AE42E472261220C7AB7D8708AC9B43  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-05-08 15:34:49  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\3ACAE8C4586B83D25B7503916DC1EA2F0A67A38A|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\3ACAE8C4586B83D25B7503916DC1EA2F0A67A38A  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-04-27 09:16:30  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\3ACAE8C4586B83D25B7503916DC1EA2F0A67A38A|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\3ACAE8C4586B83D25B7503916DC1EA2F0A67A38A  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-04-25 13:35:46  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\2CDA00574994DCAB48302DD02E684F2CB6766F40|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\2CDA00574994DCAB48302DD02E684F2CB6766F40  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-04-25 13:35:46  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\3ACAE8C4586B83D25B7503916DC1EA2F0A67A38A|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\3ACAE8C4586B83D25B7503916DC1EA2F0A67A38A  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-04-25 13:35:46  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\C6540EB7AB1F73033021852132CE4E89BACFC612|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\C6540EB7AB1F73033021852132CE4E89BACFC612  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-04-25 13:35:46  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\FB080EF7BD040D5DEAE415DF827683793A7D512A|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\FB080EF7BD040D5DEAE415DF827683793A7D512A  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-04-25 13:35:46  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\73EC8B27D1B3DDD36DCD873609688D556438D5D4|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\73EC8B27D1B3DDD36DCD873609688D556438D5D4  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-04-25 11:48:10  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\FB080EF7BD040D5DEAE415DF827683793A7D512A|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\FB080EF7BD040D5DEAE415DF827683793A7D512A  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-04-25 11:47:01  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\C6540EB7AB1F73033021852132CE4E89BACFC612|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\C6540EB7AB1F73033021852132CE4E89BACFC612  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-04-25 11:46:06  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\73EC8B27D1B3DDD36DCD873609688D556438D5D4|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\73EC8B27D1B3DDD36DCD873609688D556438D5D4  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-04-25 11:45:40  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\3ACAE8C4586B83D25B7503916DC1EA2F0A67A38A|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\3ACAE8C4586B83D25B7503916DC1EA2F0A67A38A  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-04-25 11:45:32  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\2CDA00574994DCAB48302DD02E684F2CB6766F40|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\2CDA00574994DCAB48302DD02E684F2CB6766F40  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-04-10 20:09:52  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\2CDA00574994DCAB48302DD02E684F2CB6766F40|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\2CDA00574994DCAB48302DD02E684F2CB6766F40  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-04-07 14:06:27  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\D2EE80F4E776F839C2D391165521F29C973CC798|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\D2EE80F4E776F839C2D391165521F29C973CC798  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-04-07 07:52:39  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\D2EE80F4E776F839C2D391165521F29C973CC798|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\D2EE80F4E776F839C2D391165521F29C973CC798  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-04-07 06:56:30  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\D2EE80F4E776F839C2D391165521F29C973CC798|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\D2EE80F4E776F839C2D391165521F29C973CC798  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-04-07 06:56:30  	c:\users\francesco\appdata\local\mozilla\firefox\profiles\rlt8y14f.default\cache2\entries\2e4da2cdce51786d0952f4962438e29e5e9f9f9b|c:\users\francesco\appdata\local\mozilla\firefox\profiles\rlt8y14f.default\cache2\entries\2e4da2cdce51786d0952f4962438e29e5e9f9f9b  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-04-07 06:56:30  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\4584EB1FBCA1C15F8EF412337F9F6B5397FA9423|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\4584EB1FBCA1C15F8EF412337F9F6B5397FA9423  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-04-07 06:56:30  	c:\users\francesco\appdata\local\mozilla\firefox\profiles\rlt8y14f.default\cache2\entries\bb6cbbc5c91446607e984d657a471eccafaeb447|c:\users\francesco\appdata\local\mozilla\firefox\profiles\rlt8y14f.default\cache2\entries\bb6cbbc5c91446607e984d657a471eccafaeb447  	TrojWare.JS.Agent.PD@300743807  	Quarantäne  	Erfolgreich 
2015-04-06 20:48:43  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\D2EE80F4E776F839C2D391165521F29C973CC798|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\D2EE80F4E776F839C2D391165521F29C973CC798  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-04-06 20:48:22  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\BB6CBBC5C91446607E984D657A471ECCAFAEB447|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\BB6CBBC5C91446607E984D657A471ECCAFAEB447  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-04-06 20:47:10  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\4584EB1FBCA1C15F8EF412337F9F6B5397FA9423|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\4584EB1FBCA1C15F8EF412337F9F6B5397FA9423  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich 
2015-04-06 20:46:58  	C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\2E4DA2CDCE51786D0952F4962438E29E5E9F9F9B|C:\Users\Francesco\AppData\Local\Mozilla\Firefox\Profiles\rlt8y14f.default\cache2\entries\2E4DA2CDCE51786D0952F4962438E29E5E9F9F9B  	TrojWare.JS.Agent.PD@300743807  	Erkennen  	Erfolgreich
         

Alt 14.07.2015, 20:04   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Werde TrojWare.JS.Agend.PD@300743807 nicht los - Standard

Werde TrojWare.JS.Agend.PD@300743807 nicht los



Hi,

Adware/Junkware/Toolbars entfernen

1. Schritt: Malwarebytes

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

2. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



3. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




4. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.07.2015, 18:27   #6
floorballref
 
Werde TrojWare.JS.Agend.PD@300743807 nicht los - Standard

Werde TrojWare.JS.Agend.PD@300743807 nicht los



Moin Cosinus,

danke für die schnelle Antwort. Ich habe die Schritte befolgt, anbei die neuen Log-Files:

MBAM:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 14.07.2015
Suchlauf-Zeit: 21:41:15
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.07.14.05
Rootkit Datenbank: v2015.07.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Francesco

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 360596
Verstrichene Zeit: 18 Min, 24 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 8
PUP.RiskwareTool.CK, C:\ProgramData\Comodo\Cis\Quarantine\data\{0C9AA0CC-CBE7-439D-8832-527DB5EB6911}, In Quarantäne, [a706d8092763b97d84a5e9c9669aa35d], 
PUP.RiskwareTool.CK, C:\ProgramData\Comodo\Cis\Quarantine\data\{35954936-6F9F-4922-B86C-4508D4FCF076}, In Quarantäne, [3f6e1ac7b2d8c86e23066250936d857b], 
PUP.RiskwareTool.CK, C:\ProgramData\Comodo\Cis\Quarantine\data\{364D6FBE-C33D-4084-BB1E-19E9F8DC57EF}, In Quarantäne, [2687d20f4248f0465bce882a8d7343bd], 
PUP.RiskwareTool.CK, C:\ProgramData\Comodo\Cis\Quarantine\data\{D5E38124-6212-4F19-8E83-892BFDFD5B65}, In Quarantäne, [4865a938018986b0be6b674bc43c6799], 
PUP.RiskwareTool.CK, C:\ProgramData\Comodo\Cis\Quarantine\data\{DCF4D77B-D938-4C9A-A251-7F8B407FDED1}, In Quarantäne, [941915ccdcae50e672b7c8ea7c840df3], 
PUP.RiskwareTool.CK, C:\ProgramData\Comodo\Cis\Quarantine\data\{7EBF9DB8-35BE-435D-9016-E7B6326E176A}, In Quarantäne, [129ba83945455bdb5fca407251afde22], 
PUP.RiskwareTool.CK, C:\ProgramData\Comodo\Cis\Quarantine\data\{8485F4AB-FE4C-44CC-B6BD-7BE3CE5CF972}, In Quarantäne, [5855f2efbdcdce68ec3d2d8511ef53ad], 
PUP.RiskwareTool.CK, C:\ProgramData\Comodo\Cis\Quarantine\data\{85112B5E-3457-41E3-933D-5C72FE03E0B7}, In Quarantäne, [3e6f9e4323679c9a1514179bfe02b848], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
AdwCleaner:

Code:
ATTFilter
# AdwCleaner v4.208 - Bericht erstellt 14/07/2015 um 22:05:17
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-11.1 [Server]
# Betriebssystem : Windows 8.1 Pro N  (x64)
# Benutzername : Francesco - FRANC
# Gestarted von : C:\Users\Francesco\Desktop\AdwCleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
Ordner Gelöscht : C:\Program Files (x86)\Free Video Converter

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v39.0 (x86 de)


*************************

AdwCleaner[R0].txt - [1018 Bytes] - [14/07/2015 22:04:19]
AdwCleaner[S0].txt - [894 Bytes] - [14/07/2015 22:05:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [952  Bytes] ##########
         
JRT:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.8 (07.14.2015:1)
OS: Windows 8.1 Pro N x64
Ran by Francesco on 14.07.2015 at 22:09:58,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Francesco\AppData\Roaming\mozilla\firefox\profiles\rlt8y14f.default\minidumps [5 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.07.2015 at 22:29:45,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Francesco (administrator) on FRANC on 14-07-2015 22:33:40
Running from C:\Users\Francesco\Desktop
Loaded Profiles: Francesco (Available Profiles: Francesco)
Platform: Windows 8.1 Pro N (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [1004032 2014-02-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [341448 2015-03-27] (Lenovo Group Limited)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-08] (COMODO)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Integrated Camera_Monitor] => C:\Program Files (x86)\Integrated Camera\monitor.exe [1720696 2013-09-27] (SunplusIT, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-07-30] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2015-04-15] (BlackBerry Limited)
HKU\S-1-5-21-648624-2589984946-3326904889-1001\...\Run: [Dropbox Update] => C:\Users\Francesco\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-648624-2589984946-3326904889-1001\...\MountPoints2: {37c4546d-0bd0-11e5-9c61-201a06c783c9} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-648624-2589984946-3326904889-1001\...\MountPoints2: {b35326ca-32e6-11e4-9c03-806e6f6e6963} - "D:\S3\Autorun.exe" 
HKU\S-1-5-21-648624-2589984946-3326904889-1001\...\MountPoints2: {c7af92ee-08ff-11e5-9c60-201a06c783c9} - "F:\LaunchU3.exe" -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-09-02]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-08-25]
ShortcutTarget: Dropbox.lnk -> C:\Users\Francesco\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Francesco\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Francesco\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Francesco\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Francesco\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Francesco\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Francesco\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Francesco\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Francesco\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-648624-2589984946-3326904889-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll [2014-10-06] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-10-06] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{062BDDCD-413C-4660-B390-0F14C718BF4C}: [DhcpNameServer] 31.209.184.234 31.209.184.235
Tcpip\..\Interfaces\{483A2030-A2AF-4B5D-AC22-4F0FCC49B5FB}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{CD675550-FE91-4D4D-8E80-FAA4CBD5C2C9}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\rlt8y14f.default
FF Homepage: www.google.de
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll [2014-10-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll [2014-10-06] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2014-11-28] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\rlt8y14f.default\Extensions\abs@avira.com [2015-07-02]
FF Extension: FoxyProxy Standard - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\rlt8y14f.default\Extensions\foxyproxy@eric.h.jung [2015-05-30]
FF Extension: Adblock Plus - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\rlt8y14f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-25]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2015-04-15] (BlackBerry Limited)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-03-11] (Microsoft Corporation)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959192 2013-02-26] (Broadcom Corporation.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5541960 2015-06-08] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-06-08] (COMODO)
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-07-14] (Malwarebytes Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49136 2015-06-25] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
S3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6835784 2014-09-02] (Broadcom Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 BTWPANFL; C:\Windows\system32\drivers\btwpanfl.sys [44912 2013-01-20] (Broadcom Corporation.)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20672 2015-06-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820928 2015-06-05] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-06-05] (COMODO)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126696 2015-06-05] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-07-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-07-14] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2015-04-15] (BlackBerry Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2015-04-15] (Research in Motion Ltd)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288480 2012-12-13] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2013-10-30] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1515256 2013-10-09] (Sunplus)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 22:33 - 2015-07-14 22:33 - 00013376 _____ C:\Users\Francesco\Desktop\FRST.txt
2015-07-14 22:29 - 2015-07-14 22:29 - 00000739 _____ C:\Users\Francesco\Desktop\JRT.txt
2015-07-14 22:10 - 2015-07-14 22:10 - 00000207 _____ C:\Windows\tweaking.com-regbackup-FRANC-Windows-8.1-Pro-N-(64-bit).dat
2015-07-14 22:10 - 2015-07-14 22:10 - 00000000 ____D C:\RegBackup
2015-07-14 22:07 - 2015-07-14 22:07 - 03034365 _____ (Malwarebytes Corporation) C:\Users\Francesco\Desktop\JRT.exe
2015-07-14 22:06 - 2015-07-14 22:06 - 00001031 _____ C:\Users\Francesco\Desktop\AdwCleaner[S0].txt
2015-07-14 22:04 - 2015-07-14 22:05 - 00000000 ____D C:\AdwCleaner
2015-07-14 22:02 - 2015-07-14 22:02 - 02248704 _____ C:\Users\Francesco\Desktop\AdwCleaner_4.208.exe
2015-07-14 22:02 - 2015-07-14 22:02 - 00002412 _____ C:\Users\Francesco\Desktop\mbam.txt
2015-07-14 21:40 - 2015-07-14 22:01 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-14 21:40 - 2015-07-14 21:40 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-14 21:40 - 2015-07-14 21:40 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-14 21:40 - 2015-07-14 21:40 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-14 21:40 - 2015-07-14 21:40 - 00001110 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-14 21:40 - 2015-07-14 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-14 21:40 - 2015-07-14 21:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-14 21:40 - 2015-07-14 21:40 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-13 22:33 - 2015-07-13 22:37 - 00053290 _____ C:\Users\Francesco\Desktop\Comodo_Antivirus-Ereignisse.htm
2015-07-13 22:22 - 2015-07-13 22:22 - 00000397 _____ C:\Users\Francesco\Desktop\Gmer.log
2015-07-13 22:13 - 2015-07-13 22:53 - 00302713 _____ C:\Users\Francesco\Desktop\Addition1.txt
2015-07-13 22:13 - 2015-07-13 22:53 - 00023366 _____ C:\Users\Francesco\Desktop\FRST1.txt
2015-07-13 22:12 - 2015-07-14 22:33 - 00000000 ____D C:\FRST
2015-07-13 22:11 - 2015-07-13 22:11 - 02133504 _____ (Farbar) C:\Users\Francesco\Desktop\FRST64.exe
2015-07-13 22:10 - 2015-07-13 22:51 - 00000476 _____ C:\Users\Francesco\Desktop\defogger_disable.log
2015-07-13 22:10 - 2015-07-13 22:10 - 00000000 _____ C:\Users\Francesco\defogger_reenable
2015-07-10 19:35 - 2015-07-10 19:35 - 00000000 ____D C:\Users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-03 09:28 - 2015-07-05 16:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-28 21:05 - 2015-06-28 21:06 - 00001322 _____ C:\Users\Francesco\Desktop\page_tsv.php
2015-06-25 19:05 - 2015-06-25 19:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-06-25 19:05 - 2015-06-25 19:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-06-16 06:57 - 2015-07-14 22:02 - 00001252 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-648624-2589984946-3326904889-1001UA.job
2015-06-16 06:57 - 2015-07-11 07:02 - 00001200 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-648624-2589984946-3326904889-1001Core.job
2015-06-16 06:57 - 2015-06-16 06:57 - 00004206 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-648624-2589984946-3326904889-1001UA
2015-06-16 06:57 - 2015-06-16 06:57 - 00003826 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-648624-2589984946-3326904889-1001Core
2015-06-16 06:57 - 2015-06-16 06:57 - 00000000 ____D C:\Users\Francesco\AppData\Local\Dropbox
2015-06-16 06:57 - 2015-06-16 06:57 - 00000000 ____D C:\ProgramData\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 22:26 - 2014-08-27 14:12 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-14 22:25 - 2014-08-25 20:57 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2015-07-14 22:23 - 2014-12-15 07:13 - 00110528 _____ C:\Windows\system32\Drivers\fvstore.dat
2015-07-14 22:18 - 2014-08-24 20:31 - 01961521 _____ C:\Windows\WindowsUpdate.log
2015-07-14 22:14 - 2014-09-02 23:39 - 12583404 _____ C:\Users\Public\CAFADEBUG.log
2015-07-14 22:12 - 2014-08-24 20:33 - 02139696 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-14 22:12 - 2013-08-23 01:26 - 01034068 _____ C:\Windows\system32\perfh007.dat
2015-07-14 22:12 - 2013-08-23 01:26 - 00248980 _____ C:\Windows\system32\perfc007.dat
2015-07-14 22:11 - 2014-08-24 20:36 - 00003590 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-648624-2589984946-3326904889-1001
2015-07-14 22:06 - 2015-04-25 14:29 - 00000566 _____ C:\Windows\Tasks\MATLAB R2013b Startup Accelerator.job
2015-07-14 22:06 - 2014-08-25 17:12 - 00000000 ____D C:\Users\Francesco\AppData\Roaming\Dropbox
2015-07-14 22:06 - 2013-08-22 16:45 - 00019265 _____ C:\Windows\setupact.log
2015-07-14 22:06 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-14 22:05 - 2014-08-24 20:27 - 00243756 _____ C:\Windows\PFRO.log
2015-07-14 22:05 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-14 22:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-14 22:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Help
2015-07-14 21:06 - 2014-08-25 16:59 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{70CD939C-1548-455F-A8FA-77F618468B8B}
2015-07-14 20:31 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-14 19:43 - 2015-04-15 19:34 - 00000462 _____ C:\Users\Francesco\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-07-14 19:43 - 2015-04-15 19:34 - 00000462 _____ C:\Users\Francesco\AppData\Roaming\Rim.Desktop.Exception.log
2015-07-14 19:26 - 2014-08-27 14:12 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-13 23:26 - 2014-08-25 20:57 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2015-07-13 22:54 - 2015-01-04 17:15 - 00000000 ____D C:\Users\Francesco\AppData\Roaming\FileZilla
2015-07-13 22:10 - 2014-08-24 20:31 - 00000000 ____D C:\Users\Francesco
2015-07-12 16:41 - 2015-03-20 12:00 - 00000000 ____D C:\Users\Francesco\AppData\Local\CrashDumps
2015-07-12 15:23 - 2014-09-30 17:31 - 00000000 ____D C:\Users\Francesco\AppData\Roaming\vlc
2015-07-11 23:16 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-09 08:28 - 2014-08-26 00:16 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-09 08:28 - 2014-08-26 00:16 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-06 21:08 - 2015-04-30 13:26 - 00011995 _____ C:\Users\Francesco\Desktop\Arbeitsstunden.xlsx
2015-07-05 16:52 - 2014-08-25 17:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-28 14:59 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2015-06-25 23:30 - 2015-01-18 16:14 - 00002008 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2015-06-25 23:30 - 2015-01-18 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-06-25 23:30 - 2015-01-18 16:13 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2015-06-25 19:05 - 2014-11-16 18:36 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2015-06-25 19:05 - 2014-11-16 18:35 - 00000000 ____D C:\ProgramData\Lenovo
2015-06-25 19:05 - 2014-09-02 23:37 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-06-24 11:39 - 2014-12-26 10:18 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-19 21:57 - 2014-08-25 17:15 - 00000000 ____D C:\Users\Francesco\AppData\Local\Microsoft Help
2015-06-17 19:58 - 2014-09-16 06:28 - 00000000 ____D C:\Users\Francesco\.gimp-2.8
2015-06-16 15:13 - 2015-06-03 16:11 - 00000094 _____ C:\Users\Francesco\psv.ini
2015-06-16 09:22 - 2015-06-08 16:43 - 00037706 _____ C:\Users\Francesco\Desktop\Start_GT_2.vsdx

==================== Files in the root of some directories =======

2014-09-28 10:06 - 2015-01-19 11:37 - 0023384 _____ () C:\Users\Francesco\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2015-04-15 19:34 - 2015-07-14 19:43 - 0000462 _____ () C:\Users\Francesco\AppData\Roaming\Rim.Desktop.Exception.log
2015-04-15 19:33 - 2015-04-15 19:33 - 0001111 _____ () C:\Users\Francesco\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-04-15 19:34 - 2015-07-14 19:43 - 0000462 _____ () C:\Users\Francesco\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-03-17 15:16 - 2015-03-17 15:16 - 0004096 ____H () C:\Users\Francesco\AppData\Local\keyfile3.drm
2015-06-08 11:03 - 2015-06-08 11:03 - 0007159 _____ () C:\Users\Francesco\AppData\Local\recently-used.xbel
2014-09-02 23:38 - 2014-09-02 23:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Francesco\AppData\Local\Temp\avgnt.exe
C:\Users\Francesco\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplqlvwk.dll
C:\Users\Francesco\AppData\Local\Temp\install_flashplayer14x32_ltr5x64d_awc_aih.exe
C:\Users\Francesco\AppData\Local\Temp\install_flashplayer15x32au_ltr5x64d_awc_aih.exe
C:\Users\Francesco\AppData\Local\Temp\install_reader11_de_mssa_aaa_aih.exe
C:\Users\Francesco\AppData\Local\Temp\ose00000.exe
C:\Users\Francesco\AppData\Local\Temp\ose00001.exe
C:\Users\Francesco\AppData\Local\Temp\ose00002.exe
C:\Users\Francesco\AppData\Local\Temp\PidGenX.dll
C:\Users\Francesco\AppData\Local\Temp\Quarantine.exe
C:\Users\Francesco\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Francesco\AppData\Local\Temp\sqlite3.dll
C:\Users\Francesco\AppData\Local\Temp\tempdotnetinstall.exe
C:\Users\Francesco\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-12 14:41

==================== End of log ============================
         
Danke für deine Hilfe und viele Grüße,

Floorballref

Alt 15.07.2015, 19:08   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Werde TrojWare.JS.Agend.PD@300743807 nicht los - Standard

Werde TrojWare.JS.Agend.PD@300743807 nicht los



Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.07.2015, 20:11   #8
floorballref
 
Werde TrojWare.JS.Agend.PD@300743807 nicht los - Standard

Werde TrojWare.JS.Agend.PD@300743807 nicht los



Moin Cosinus,

entschuldige, hatte das so verstanden, dass das nur nach dem ersten Scan benötigt würde. Wie auch immer, Addition Teil 1:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Francesco at 2015-07-14 22:34:26
Running from C:\Users\Francesco\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-648624-2589984946-3326904889-500 - Administrator - Disabled)
Francesco (S-1-5-21-648624-2589984946-3326904889-1001 - Administrator - Enabled) => C:\Users\Francesco
Gast (S-1-5-21-648624-2589984946-3326904889-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B20EB44C-5CF4-1ED1-EFB8-FE5E1F8AF49D}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 8.51.01 - )
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{E755A98B-F45F-4008-A1A5-FC4CB4D2177A}) (Version: 8.0.0.66 - Research In Motion Ltd)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.91 - Broadcom Corporation)
Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.00495 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.00495 - Cisco Systems, Inc.) Hidden
COMODO Internet Security Premium (HKLM\...\{D32EF4F9-1506-434E-A813-3D4C0AA50300}) (Version: 7.0.53315.4132 - COMODO Security Solutions Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.27.61 - Conexant)
Die Siedler III Gold Edition (HKLM-x32\...\S3) (Version:  - )
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-648624-2589984946-3326904889-1001\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
FileZilla Client 3.11.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.11.0.2 - Tim Kosse)
FluidEXL_Graphics_Stud_Eng_64 (HKLM\...\{5687F741-7915-4352-9497-60DBE76C357E}) (Version: 1.0.0 - Zittau/Goerlitz University of Applied Sciences)
Free Video Converter V 3.1 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Integrated Camera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.7.28 - SunplusIT)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.12 - )
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.6000 - Broadcom Corporation)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0037 - Lenovo)
LyX 2.1.3 (HKLM-x32\...\LyX213) (Version: 2.1.3 - LyX Team)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MATLAB R2013b (HKLM\...\Matlab R2013b) (Version: 8.2 - The MathWorks, Inc.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM-x32\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
NetBeans IDE 8.0.1 (HKLM\...\nbi-nb-base-8.0.1.0.201408251540) (Version: 8.0.1 - NetBeans.org)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.3 - Notepad++ Team)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29048 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-003B-0000-0000-0000000FF1CE}_Office15.PRJPROR_{115B7592-B71D-4C27-AB34-34268FB199CA}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeX Live 2014 (HKU\S-1-5-21-648624-2589984946-3326904889-1001\...\TeXLive2014) (Version: 2014 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PRJPROR_{04ADDEC1-208F-4295-AA61-16789EA56814}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.VISPROR_{04ADDEC1-208F-4295-AA61-16789EA56814}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.3-0 - Bitnami)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-648624-2589984946-3326904889-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Francesco\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-648624-2589984946-3326904889-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Francesco\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-648624-2589984946-3326904889-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Francesco\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-648624-2589984946-3326904889-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Francesco\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-648624-2589984946-3326904889-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Francesco\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-648624-2589984946-3326904889-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Francesco\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-648624-2589984946-3326904889-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Francesco\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-648624-2589984946-3326904889-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Francesco\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-648624-2589984946-3326904889-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Francesco\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-648624-2589984946-3326904889-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Francesco\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

24-06-2015 14:15:59 Windows Update
01-07-2015 17:49:26 Geplanter Prüfpunkt
09-07-2015 10:54:38 Windows Modules Installer

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0436761E-C3D7-42E0-AF1B-E136E8A1E4BC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {08C7EB04-0006-476E-A157-2118F5B4C635} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-08] (COMODO)
Task: {168E9986-FB94-40CE-9AE3-CBC838966D44} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {1D2CE371-50BB-4B41-90AD-7AA3ED8EC721} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-24] (Adobe Systems Incorporated)
Task: {35C4E217-D355-4CF2-93F9-0F45E8DE6FBC} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-08] (COMODO)
Task: {4F26D67B-035E-45FC-A142-BDD815FB30EC} - System32\Tasks\{F825F7C1-2315-428F-B73A-E7DD3914823C} => pcalua.exe -a C:\BlueByte\Siedler3\s3.exe -d C:\BlueByte\Siedler3
Task: {5DB01EDF-9F41-40F2-94EC-661CDC75CBE0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {7BCC23C2-A91B-48D3-8B0B-B615436A1398} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-08] (COMODO)
Task: {8224D065-4FEA-42A6-979A-5569D237CBBE} - System32\Tasks\COMODO\COMODO Scan {F405DD09-67EA-4A4E-B411-6EF66545BC35} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-08] (COMODO)
Task: {91B6A07E-79D3-463A-8BC2-8132EBF3AC78} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-08] (COMODO)
Task: {96FF9D9F-7D92-4112-B0E3-C98740D978D4} - System32\Tasks\MATLAB R2013b Startup Accelerator => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe [2015-04-25] ()
Task: {98030246-0E25-4A6D-B076-FAF5CD0DA204} - System32\Tasks\{BD9C797F-4495-4B91-8D2A-642BD59A0BD5} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?source=lightinstaller&page=tsMain
Task: {9BBE35FB-041A-48B7-AA1A-28E3BE474872} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2015-06-25] ()
Task: {A4152096-8EF4-42ED-BE55-D235BEA9A023} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-08] (COMODO)
Task: {A9585A23-63BB-4D1C-80DB-EAA92CF6CFE8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-648624-2589984946-3326904889-1001Core => C:\Users\Francesco\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {BA60F30B-75B7-4792-8BB6-AF00FE8A698F} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-08] (COMODO)
Task: {C45EC623-4EA1-4836-A1CA-D7478C3653A9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {C7C0FCC1-9F16-4701-AE1B-0C56336F7025} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2015-01-18] (Microsoft Corporation)
Task: {EDEC8EDA-D2A2-4782-94E9-BB5DEFDBE988} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2015-01-18] (Microsoft Corporation)
Task: {F1484E24-EB26-4690-BF33-E4146BDD2D1D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-648624-2589984946-3326904889-1001UA => C:\Users\Francesco\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-648624-2589984946-3326904889-1001Core.job => C:\Users\Francesco\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-648624-2589984946-3326904889-1001UA.job => C:\Users\Francesco\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2013b Startup Accelerator.job => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe

==================== Loaded Modules (Whitelisted) ==============

2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-02-26 18:46 - 2013-02-26 18:46 - 00049368 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2012-08-03 21:53 - 2012-08-03 21:53 - 00062968 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\HelpPane.exe:$CmdTcID
AlternateDataStreams: C:\Windows\hh.exe:$CmdTcID
AlternateDataStreams: C:\Windows\IsUn0407.exe:$CmdTcID
AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\regedit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\splwow64.exe:$CmdTcID
AlternateDataStreams: C:\Windows\twain_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\winhlp32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\write.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\accessibilitycpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\acledit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aclui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\acppage.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\acproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ActionCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ActionCenterCPL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ActionQueue.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\activeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adhapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adhsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AdmTmpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adrclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adsldp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adsldpc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adsnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\advpack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aecache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aepdu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AepRoam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aitagent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\alg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AltTab.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amstream.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Apphlpdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppIdPolicyEngineApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appmgmts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppReadiness.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apprepapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apprepsync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appsruprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appwiz.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppxAllUserStore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppxApplicabilityEngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppXDeploymentClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppXDeploymentExtensions.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppXDeploymentServer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppxPackaging.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppxSip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppxStreamingDataSourcePS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppxSysprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ARP.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aspnet_counters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\asycfilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\at.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AtBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atlthunk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\attrib.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEndpointBuilder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\auditcse.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuditNativeSnapIn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuditPolicyGPInterop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthBroker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\authfwcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthFWGP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthFWSnapin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthFWWizFwk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthHostProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\authz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\autoconv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\autoplay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AutoWorkplaceN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\avicap32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\avifil32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\avrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AxInstSv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AxInstUI.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\azroles.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\azroleui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AzSqlExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\baaupdate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\backgroundTaskHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BackgroundTransferHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\basecsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\batmeter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcdboot.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcdprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcdsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BCP47Langs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bdaplgin.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bdechangepin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BdeHdCfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BdeHdCfgLib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bderepair.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bdesvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BdeSysprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bdeui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BdeUISrv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bdeunlock.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BFE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bidispl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BioCredProv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BitLockerDeviceEncryption.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BitLockerWizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BitLockerWizardElev.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsigd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsprx2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsprx3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsprx4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsprx5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsprx6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsprx7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\biwinrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\blb_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BluetoothApis.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bootcfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bootim.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BootMenuUX.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bootsect.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bootux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\brdgcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bridgeunattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BrokerLib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\browcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\browser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\browseui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bthci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BthHFSrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BthMtpContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bthpanapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BthpanContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bthprops.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BthRadioMedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bthserv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BthSQM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bthudtask.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\btpanui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Bubbles.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BulkOperationHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BWContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ByteCodeGenerator.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cabinet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cabview.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cacls.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\calc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CallButtons.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CallButtons.ProxyStub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\capisp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\catsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\catsrvps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cca.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cdd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cdosys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certca.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certCredProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certenc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CertEnroll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CertEnrollCtrl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CertEnrollUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CertPolEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certreq.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cfgbkend.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cfgmgr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cfmifs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cfmifsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\change.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chartv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chcp.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CheckNetIsolation.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chglogon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chgport.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chgusr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chkdsk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chkntfs.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chkwudrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\choice.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CHxReadingStringIME.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cipher.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CIRCoInst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clbcatq.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cleanmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cliconfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cliconfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clip.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CloudNotifications.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CloudStorageWizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clusapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmcfg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmdext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmdial32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmdkey.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmdl32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmifw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmlua.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmmon32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmpbk32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmstp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmstplua.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cngcredui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cnvfat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cofire.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cofiredm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\colbact.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\colorcpl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\colorui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\combase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comcat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comdlg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\compact.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CompMgmtLauncher.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CompPkgSup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\compstui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ComputerDefaults.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comrepl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comuid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ConfigureExpandedStorage.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\connect.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ConnectedAccountState.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ConsentUX.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\console.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\control.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\convert.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\correngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CredentialMigrationHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CredentialUIBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credwiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptcatsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptdlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CryptoWinRT.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\crypttpmeksvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptuiwizard.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptxml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CscMig.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CSystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ctfmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cttune.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cttunesvr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\C_G18030.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\C_IS2022.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\C_ISCII.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10core.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10level9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10_1core.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d11.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d8thk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_47.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dab.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dabapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DAConn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dafBth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DafPrintProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dafupnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dafWCN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dafWfdProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DAFWSD.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DAMM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DaOtpCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\das.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dasHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dataclen.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\datusage.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\davhlpr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dbgeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dbghelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dbnetlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dbnmpntw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dccw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dcomcnfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DDACLSys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ddodiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DDOIProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DDORes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ddpchunk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ddptrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ddputils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ddp_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ddraw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ddrawex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DefaultDeviceManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DefaultPrinterProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Defrag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\defragproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\defragsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\delegatorprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\desk.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\deskadp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\deskmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevDispItemProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\deviceaccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\deviceassociation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceDisplayStatusManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceDriverRetrievalClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceEject.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceElementSource.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceMetadataRetrievalClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevicePairing.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevicePairingFolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevicePairingProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevicePairingWizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceProperties.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\deviceregistration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceSetupManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceSetupManagerAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceUxRes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevPropMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devrtl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dfdts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DFDWiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dfp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DfpCommon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dfrgui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dfscli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DfsShlEx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcmonitor.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcore6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcsvc6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DHCPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DiagCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diagperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dialer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\difxapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dimsjob.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dinput.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dinput8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\discan.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskcomp.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskcopy.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskcopy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskpart.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskraid.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dispci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dispdiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dispex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Display.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DisplaySwitch.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\djoin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dllhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dllhst3g.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmdlgs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmdskmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmintf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmloader.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmocx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmsynth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmusic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmvdsitf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmview.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnscacheugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnsext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnshc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnsrslvr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\docprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\doskey.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3api.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3cfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Dot3Conn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3dlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3gpclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3gpui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3hc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3mm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3msm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3svc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3ui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpapimig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpapisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DpiScaling.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\driverquery.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drtprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drttransport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drvcfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drvinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drvstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsauth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DscCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DscCoreConfProv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsdmo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dskquota.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dskquoui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DsmUserTask.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsound.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsparse.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsquery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsrole.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dssec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dssenh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Dsui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsuiext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dswave.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dtsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dui70.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\duser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dvdplay.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dvdupgrd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwmredir.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DWWIN.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxdiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxdiagn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxgi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxgwdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DXP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxpps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Dxpserver.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DxpTaskSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxva2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Eap3Host.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eapp3hst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eappcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eappgnui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eapphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eappprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eapprovp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EAPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eapsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\easconsent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EaseOfAccessDialog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\easinvoker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\easinvoker.proxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\easwrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efsadu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efslsaext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efssvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efsui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efsutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efswrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EhStorAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EhStorAuthn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EhStorPwdMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EhStorShell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ELSCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\elshyph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\elslad.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\elsTrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\embeddedapplauncher.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EmbeddedAppLauncherConfig.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\encapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\energy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\energyprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\energytask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eqossnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\es.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\esent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\esentprf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\esentutl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eudcedit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EventAggregation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eventcls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eventcreate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eventvwr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\expand.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\extrac32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Faultrep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdBth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdBthProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FdDevQuery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdeploy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdPHost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdPnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdprint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FDResPub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdSSDP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdWCN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdWNet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdWSD.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\feclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhautoplay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhcat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhcleanup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhengine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhevents.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhlisten.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhmanagew.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhshl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhsrchapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhsrchph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhsvcctl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhtask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FileAppxStreamingDataSource.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\filemgmt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\find.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\findnetprinters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\findstr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\finger.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Firewall.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FirewallAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FirewallControlPanel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fltLib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fltMC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fmifs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fms.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Fondue.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fontext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fontview.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\forfiles.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\format.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fphc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\framedyn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\framedynos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\frprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fsavailux.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fsquirt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fsutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fsutilext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fthsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ftp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fundisc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fveapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fveapibase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fvecerts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fvecpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fvenotify.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fveprompt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fveskybackup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fveui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fvewiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fwcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSCOM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSCOMEX.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSCOMPOSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSCOVER.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSMON.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSROUTE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSST.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSSVC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXST30.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSTIFF.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSUNATD.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSUTILITY.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\g711codc.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gacinstall.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gameux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gcdef.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\GdiPlus.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\GeofenceMonitorService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\getmac.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\getuname.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\glcndFilter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\glmf32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\GlobCollationHost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\globinputhost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\glu32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpprefcl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpprnext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpresult.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gptext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpupdate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Groupinghc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\grpconv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hbaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hcproviders.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hdwwiz.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hdwwiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\help.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\HelpPaneProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hgcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hgprint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hhctrl.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hhsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hidphone.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hidserv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hnetcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hnetmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\HOSTNAME.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hotplug.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hotspotauth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\httpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\httpprxm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\httpprxp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\htui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hwrcomp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hwrreg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ias.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasads.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasdatastore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iashlpr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IasMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iaspolcy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasrad.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasrecst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iassam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iassdo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iassvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icacls.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icfupgd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icmui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IconCodecService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icsigd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icsunattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IdCtrls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IdListen.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\idndl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IDStore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ifmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ifsutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ifsutilx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igdDiag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IKEEXT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imaadp32.acm:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imagehlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imapi2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imapi2fs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\immersivetpmvscmgrsvr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetmib1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetpp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetppui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\InfDefaultInstall.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\input.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\InputSwitch.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inseng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\intl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ipconfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IPHLPAPI.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iphlpsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ipnathlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iprtprio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iprtrmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ipsecsnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ipsmsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\irclass.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\irftp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\irmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\irprops.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsicli.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsicpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsicpl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsidsc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsied.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsiexe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsium.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsiwmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsiwmiv2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\isoburn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\itircl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\itss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iuilp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iyuv_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\joy.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KdsCli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kdusb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kd_02_8086.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\keepaliveprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kernel.appcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kernelceip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KeyboardFilterCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KeyboardFilterSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\keyiso.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\keymgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\klist.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kmddsp.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KMSVC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\korwbrkr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ksetup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kstvtune.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Kswdmcap.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ksxbar.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ktmutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ktmw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\l2gpstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\l2nacp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\L2SecHC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\label.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LangCleanupSysprepAction.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LaunchTM.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\linkinfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ListSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\livessp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LldpNotify.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lltdapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lltdsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lmhsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\loadperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\localsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\localui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LocationApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LocationNotifications.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Locator.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LockScreenContent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LockScreenContentHost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LockScreenContentServer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lodctr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\loghours.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\logoff.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\logoncli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LogonUI.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpkinstall.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpksetup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpksetupproxyserv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpremove.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\luainstall.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Magnification.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Magnify.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\main.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaintenanceUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\makecab.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\manage-bde.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mapistub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MbaeApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MbaeApiPublic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MbaeParserTask.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MbaeXmlParser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mblctr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mbsmsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mbussdapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mcbuilder.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mciavi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mcicda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mciqtz32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mciseq.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mciwave.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\McxDriv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MDMAgent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mdminst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mdmregistration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MdRes.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MdSched.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MemoryDiagnostic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mf3216.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfc42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfc42u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfcsubs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mgmtapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mibincodec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MicrosoftAccountTokenProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\midimap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\migflt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\miguiresource.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mimefilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mimofcodec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MirrorDrvCompat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mispace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\miutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mlang.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmcbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmcico.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmcndmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmcshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmcss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MMDevAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmsys.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mobsync.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mode.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\modemui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\montr_ci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\more.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mountvol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Mpeg2Data.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mpg2splt.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mpnotify.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mpr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mprapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mprddm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mprdim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mprext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mprmsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MPSSVC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MRINFO.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MrmCoreR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MrmIndexer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaatext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msacm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msacm32.drv:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msadp32.acm:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msasn1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msauserext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mscandui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mscat32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msched.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSchedExe.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mscms.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msconfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctfime.ime:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsCtfMonitor.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctfui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctfuimanager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdadiag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdart.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdelta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdmo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdri.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdtc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdtckrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdtclog.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdtcprx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdtctm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdtcuiu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSDvbNP.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msftedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msg711.acm:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msgsm32.acm:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsiCofire.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msidcrl40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msident.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msidle.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msieftp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msiltcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msimg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msimtf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msinfo32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msisip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msiwer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mskeyprotcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mskeyprotect.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msls31.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSNP.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msoeacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msoert2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mspaint.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mspatcha.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mspatchc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msports.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msra.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrahc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrdc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrle32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msscntrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssha.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msshooks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssign32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssip32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssitlb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssphtb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssrch.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssvp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msTextPrediction.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msutb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcirt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcp60.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvfw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvidc32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSWB7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSWB70011.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSWB7001E.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSWB70404.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSWB70804.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msyuv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mtstocom.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mtxclu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mtxdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mtxex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\muifontsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MUILanguageCleanup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MuiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MultiDigiMon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mycomput.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mydocs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Mystify.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\napdsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NapiNSP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\napipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NAPMONTR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NAPSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Narrator.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NaturalLanguage6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nbtstat.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NcaApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NcaSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncbservice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NcdAutoSetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NcdProp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncobjapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncpa.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncryptprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncryptsslp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncuprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nddeapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndfapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndfetw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndfhcdiscovery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndiscapCfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndishc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NdisImPlatform.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nduprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\negoexts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\net.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\net1.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netbios.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netbtugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netcenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netcfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netcorehc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netdiagfx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NetEvtFwdr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netiohlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netiougc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netjoin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netlogon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netman.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netplwiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Netplwiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netprofm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netprofmsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netprovisionsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NetSetupApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netsh.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netshell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NETSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nettrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NetVscCoinstall.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\networkexplorer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\networkitemfactory.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NetworkStatus.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\newdev.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\newdev.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ninput.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NL7Data0011.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NL7Data001E.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NL7Data0404.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NL7Data0804.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlahc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlhtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlmgp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlmsprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0000.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0002.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0003.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0007.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0009.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData000a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData000c.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData000d.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData000f.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0010.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0018.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData001a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData001b.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData001d.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0020.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0021.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0022.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0024.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0026.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0027.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData002a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0039.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData003e.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0045.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0046.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0047.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0049.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData004a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData004b.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData004c.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData004e.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0414.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0416.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0816.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData081a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0c1a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Nlsdl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsLexicons0009.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nltest.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\normaliz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\npmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nrpsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nshhttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nshipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nsisvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nslookup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntasn1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntdsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntlanman.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntlanui2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntmarta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntprint.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntshrui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ocsetapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbc32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbcad32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbcbcp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbcconf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbcconf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbccp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbccr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbccu32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbctrac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OEMLicense.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\offfilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\offreg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ogldrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleacc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleacchooks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oledlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleprn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OnDemandConnRouteHelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\onex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\onexui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OobeFldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OpcServices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\openfiles.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\opengl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OpenWith.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OptionalFeatures.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\osbaseln.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OskSupport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\osuninst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\P2P.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\P2PGraph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\p2pnetsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\p2psvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PackageStateRoaming.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\panmap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PasswordOnWakeSettingFlyout.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PATHPING.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pautoenr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcacli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcaui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcaui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PCPKsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PCPTpm12.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcsvDevice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcwrun.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcwutl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pdhui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PeerDist.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PeerDistAD.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PeerDistCacheProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PeerDistCleaner.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PeerDistHttpTrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PeerDistSh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PeerDistSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PeerDistWSDDiscoProv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfctrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfdisk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfproc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PhotoMetadataHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PhotoScreensaver.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\photowiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PickerHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PING.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PkgMgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pla.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\plasrv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\playlistfolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PlaySndSrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PlayToDevice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PlayToManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PlayToStatusProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ploptin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pmcsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnidui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnpclean.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnppolicy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnpts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnpui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PnPUnattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PnPutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PNPXAssoc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PNPXAssocPrx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnrpauto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Pnrphc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnrpnsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnrpsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PortableDeviceSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pots.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\powercfg.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\powercfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\powercpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\powrprof.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ppcsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PresentationNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PresentationSettings.exe:$CmdTcID
         
Viele Grüße,

Floorballref

Alt 15.07.2015, 20:12   #9
floorballref
 
Werde TrojWare.JS.Agend.PD@300743807 nicht los - Standard

Werde TrojWare.JS.Agend.PD@300743807 nicht los



Addition Teil 2:

Code:
ATTFilter
AlternateDataStreams: C:\Windows\system32\prevhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\print.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PrintBrmUi.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PrintDialogHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PrintDialogs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\printfilterpipelineprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\printfilterpipelinesvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PrintIsolationHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PrintIsolationProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\printui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\printui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prncache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prnfldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prnntfy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prntvpt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\procinst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvcext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\propsys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\proquota.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\provcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\provsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\provthrd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ProximityCommon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ProximityCommonPal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ProximityRtapiPal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ProximityService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ProximityServicePal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ProximityUxHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prvdmofcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psisdecd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psisrndr.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PSModuleDiscoveryProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psmsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pstask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pstorec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\puiapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\puiobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PurchaseWindowsLicense.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PurchaseWindowsLicense.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pwlauncher.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pwlauncher.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pwrshplugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pwsso.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QAGENT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QAGENTRT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qappsrv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QCLIPROV.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qdv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qmgrprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qprocess.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QSHVHOST.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QSVRMGMT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Query.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\query.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\quser.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QUTIL.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qwave.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qwinsta.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RacEngn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\racpldlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\radardt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\radarrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RADCUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasadhlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasauto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasautou.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rascfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\raschap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\raschapext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasctrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rascustom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasdiag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasdial.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasdlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\raserver.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasgcw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasman.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasmans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasmbmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RASMM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasmontr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasmxs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasphone.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasplap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasppp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rastapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rastlsext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdbui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcfgex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpclip.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpencom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpendp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpinput.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RdpSa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RdpSaProxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RdpSaPs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RdpSaUacHelper.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdrleakdiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RDSAppXHelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdsdwmdr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RDSPnf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdvvmtransport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ReAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ReAgentc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ReAgentTask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\recimg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\recover.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\recovery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RecoveryDrive.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\reg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\regapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RegCtrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\regedt32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\regidle.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\regini.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Register-CimProvider.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\regsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\regsvr32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ReInfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rekeywiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RelPost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\remotepg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\remotesp.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RemoveDeviceContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RemoveDeviceElevated.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\repair-bde.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\replace.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\reset.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\reseteng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\resmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RestoreOptIn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\resutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rfxvmt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rgb9rast.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Ribbons.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\riched20.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\riched32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RMActivate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RMActivate_isv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RMActivate_ssp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RMActivate_ssp_isv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RMapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RmClient.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rmttpmvscmgrsvr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rnr20.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RoamingSecurity.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Robocopy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RotMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ROUTE.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RpcEpMap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RpcNs4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpcnsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RpcPing.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RpcRtRemote.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpcss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rsaenh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rshx32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RstrtMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rtffilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rtm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rtutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTWorkQ.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\runas.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rundll32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RunLegacyCPLElevated.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\runonce.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RuntimeBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rwinsta.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\samcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\samlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\samsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sas.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sbe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sbeio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scansetting.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SCardDlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SCardSvr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scavengeui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sccls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ScDeviceEnum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scecli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schedcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schtasks.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scksp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scripto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scrnsave.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scrobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scrptadm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scrrun.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdchange.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdclt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdhcinst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdiageng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdiagnhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdiagprv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdiagschd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdohlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SearchFilterHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SearchFolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SearchIndexer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SearchProtocolHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SecEdit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secproc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secproc_isv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secproc_ssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secproc_ssp_isv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sendmail.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Sens.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SensApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SensorsApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SensorsClassExtension.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SensorsCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sensrsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\serialui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\serwvdrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SessEnv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sessionmsg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sethc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SetNetworkLocation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SetProxyCredential.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setspn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SettingMonitor.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SettingsHandlers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SettingSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SettingSyncCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SettingSyncHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SettingSyncPolicy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setupapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setupcln.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setupugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setx.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sfc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sfc_os.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sharemediacpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SHCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shdocvw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shfolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shgina.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shimgvw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shlwapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shpafact.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shrpubw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shunimpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shutdown.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shwebsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\signdrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sigverif.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SimAuth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SimCfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sisbkup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SkyDrive.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SkyDriveShell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SkyDriveTelemetry.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SlideToShutDown.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\slpts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SmartcardCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SmartCardSimulator.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SmartScreenSettings.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SMBHelperClass.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\smbwmiv2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\smphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SmsDeviceAccessRevocation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SMSRouter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SndVol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SndVolSSO.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SnippingTool.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\snmpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\snmptrap.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SNTSearch.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\softkbd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\softpub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sort.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SortServer2003Compat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SortWindows61.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SortWindows6Compat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SoundRecorder.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SpaceAgent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SpaceControl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spbcd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spfileq.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SPInf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spmpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spoolss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spoolsv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spopk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sppnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sppobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwinsat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwizeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqlcecompact40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqlceoledb40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqlceqp40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqlcese40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqlsrv32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srchadmin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SRH.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srhelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srmclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srmscan.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srmshell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srmstormod.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srmtrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srm_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SrpUxNativeSnapIn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srrstr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SrTasks.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srumapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srumsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srvcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srvsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srwmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sscoreext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ssdpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ssdpsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SSShim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ssText3d.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sstpsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Startupscan.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\stclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sti.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\StikyNot.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sti_ci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\stobject.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\StorageContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\storagewmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\storagewmi_passthru.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\storewuauth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Storprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\StorSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\streamci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SubscriptionMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\subst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sud.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\svchost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\svsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\swprv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sxproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sxs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sxshared.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sxssrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sxsstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sxstrace.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\synceng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncEngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncHostps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncInfrastructure.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncInfrastructureps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Syncreg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\syncui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysclass.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysdm.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\syskey.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysmon.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysntfy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SysResetErr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\syssetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\systemcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemEventsBrokerServer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\systeminfo.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesAdvanced.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesComputerName.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesHardware.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesPerformance.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesProtection.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesRemote.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\systemreset.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemSettings.Handlers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemSettingsAdminFlows.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemSettingsDatabase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemSettingsRemoveDevice.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\systray.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\t2embed.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Tabbtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TabbtnEx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tabcal.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TabletPC.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TabSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\takeown.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tapi3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tapilua.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TapiMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tapiperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tapisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TapiSysprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TapiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskbarcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskeng.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskhostex.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskkill.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tasklist.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Taskmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskschd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TaskSchdPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tbs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tcmsetup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tcpipcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TcpipSetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tcpmib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tcpmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tcpmonui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TCPSVCS.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\telephon.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\termmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TetheringIeProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TetheringMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TetheringStation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\themecpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\themeservice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\themeui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\threadpoolwinrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\thumbcache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ThumbnailExtractionHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TimeBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TimeBrokerServer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\timedate.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TimeDateMUICallback.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\timeout.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TimeSyncTask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tlscsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tpmcompc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TpmInit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TpmTasks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tpmvsc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tpmvscmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tpmvscmgrsvr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tquery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TRACERT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\traffic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tree.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\trkwks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsbyuv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tscfgwmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSChannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tscon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsdiscon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tskill.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsmf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSTheme.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TtlsAuth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TtlsCfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TtlsExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tvratings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\twext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\twinapi.appcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\twinapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\twinui.appcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\twinui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\txflog.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\txfw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tzutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ucmhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\udhisapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uDWM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uexfat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ufat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UI0Detect.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UIAutomationCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uicom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uireng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UIRibbon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UIRibbonRes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ulib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umdmxfrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umpnpmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umpo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umpoext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umpowmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umrdp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\unattend.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\unimdm.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\system32\unimdmat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uniplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\unlodctr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\untfs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\upnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\upnpcont.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\upnphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ureg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usbceip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usbmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usbperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usbui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UserAccountBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UserAccountControlSettings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UserAccountControlSettings.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usercpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\userenv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\userinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\userinitext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UserLanguageProfileCallback.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UserLanguagesCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ustprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\utildll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Utilman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uudf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uxlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uxtheme.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VAN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Vault.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vaultcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VaultCmd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VaultRoaming.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vaultsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VBICodec.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbisurf.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vds.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vdsbas.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vdsdyn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vdsldr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vdsutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vdsvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vds_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\verclsid.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\verifier.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\verifier.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\version.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vfwwdm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vidcap.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\virtdisk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VmApplicationHealthMonitorProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vmbuspipe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VmdCoinstall.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vmictimeprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vmrdvcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vpnike.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vpnikeapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VscMgrPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vssadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vssapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vsstrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VSSVC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vss_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\w32time.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\w32tm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\w32topl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WABSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\waitfor.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WallpaperHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WavDest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wavemsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wbadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wbemcomn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wbengine.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wbiosrvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wcmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wcmcsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wcmsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WcnApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wcncsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WcnEapAuthProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WcnEapPeerProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WcnNetsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wcnwiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WcsPlugInService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01007.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdiasqmmodule.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdmaud.drv:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webservices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Websocket.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wecapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wecsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wecutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wephostsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\werconcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wercplsupport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WerFault.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WerFaultSecure.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wermgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wersvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\werui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wevtapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wevtfwd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wevtsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wevtutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wfapigp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wfdprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WfHC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WFS.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\where.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\whhelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\whoami.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiaacmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiaaut.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiadefui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiadss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiarpc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiascanprofiles.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiaservc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiashext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiatrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WiFiDisplay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wimgapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wimserv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winbici.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winbio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winbrand.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wincorlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Store.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Data.Pdf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Background.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Background.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Bluetooth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Custom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Custom.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Enumeration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Enumeration.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Geolocation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.PointOfService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Portable.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Printers.Extensions.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Scanners.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Sensors.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.SmartCards.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Usb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Globalization.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Globalization.Fontgroups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Graphics.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Graphics.Printing.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\windows.immersiveshell.serviceprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Media.Devices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Media.MediaControl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Media.SpeechSynthesis.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.Connectivity.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.HostName.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.Proximity.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.Vpn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Storage.ApplicationData.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Storage.Compression.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.System.Display.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.System.Profile.HardwareId.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.System.RemoteDesktop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.UI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.UI.Immersive.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.UI.Input.Inking.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.UI.Search.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Web.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Web.Http.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecsExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\windowslivelogin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winethc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinFax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininitext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Winlangdb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winlogonext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winmm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winmmbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinMsoIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winnsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinOpcIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winrnr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winrs.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winrscmd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winrshost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winrssrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinRtTracing.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSAT.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSATAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSCard.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winshfhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsku.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsockhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winspool.drv:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WINSRPC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSyncMetastore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSyncProviders.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinTypes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winusb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winver.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wisp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\witnesswmiv2provider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wkscli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wkspbroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wkspbrokerAx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wkssvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlancfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WLanConn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlandlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanext.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlangpui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WLanHC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanhlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlaninst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WlanMM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanmsm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanpref.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WlanRadioManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlansec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlansvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlansvcpal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Wldap32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wldp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlgpclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlidcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlidcredprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlidfdp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlidnsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlidprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlidsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlrmdr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WlS0WndH.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmiclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmicmiplugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmidcom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmiprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmitomi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmsgapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WofTasks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WofUtil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\workerdd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WorkFolders.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WorkfoldersControl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WorkFoldersGPExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WorkFoldersShell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\workfolderssvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wowreg32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Wpc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpccpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WpcMon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WpcWebSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpnapps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpncore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpninprc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpnpinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpnprv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpnsruprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\write.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ws2help.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscinterop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscisvif.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSCollect.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscui.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSDApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsdchngr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSDMon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSDPrintProxy.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSDScanProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSDScDrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsecedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsepno.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshbth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshcon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wship6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshirda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshnetbs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshqos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSHTCPIP.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsmplpxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsmprovhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsnmp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsock32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsqmcons.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSReset.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSShared.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSTPager.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wtsapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuaext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFCoinstaller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFPlatform.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFx02000.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wusa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUSettingsProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WwaApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WWAHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WWanAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwancfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwanconn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WWanHC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwaninst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwanmm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Wwanpref.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwanprotdim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WwanRadioManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwansvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xcopy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XInput1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XInput9_1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xmlfilter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xmllite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xmlprovi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xolehlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XpsFilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XpsGdiConverter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XpsPrint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XpsRasterService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xpsrchvw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xpsservices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XPSSHHDR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xpssvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xwizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xwizards.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xwreg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xwtpdui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xwtpw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\zipfldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\accessibilitycpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\acledit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\aclui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\acppage.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ActionCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ActionCenterCPL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\activeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AdmTmpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adrclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adsldp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adsldpc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adsnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\advpack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amstream.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Apphlpdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AppIdPolicyEngineApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appmgmts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apprepapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apprepsync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appwiz.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AppxAllUserStore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AppxApplicabilityEngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AppXDeploymentClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AppxPackaging.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AppxSip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ARP.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\aspnet_counters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\at.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AtBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atlthunk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\attrib.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuditNativeSnapIn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuditPolicyGPInterop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuthBroker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuthExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\authfwcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuthFWGP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuthFWSnapin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuthFWWizFwk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\authz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\autoconv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\autoplay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\avicap32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\avifil32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\avrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\azroles.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\azroleui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AzSqlExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\backgroundTaskHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BackgroundTransferHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\basecsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\batmeter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bcd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BCP47Langs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bcrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bdaplgin.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bidispl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BioCredProv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\biwinrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BluetoothApis.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bootcfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BRLM03A.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BROSNMP.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\browcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\browseui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BRRBTOOL.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bthprops.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bthudtask.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\btpanui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Bubbles.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BWContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ByteCodeGenerator.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cabinet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cabview.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cacls.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\calc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CallButtons.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CallButtons.ProxyStub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\capisp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\catsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\catsrvps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cca.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cdosys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certca.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certCredProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certenc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CertEnroll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CertEnrollCtrl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CertEnrollUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CertPolEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certreq.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cfgbkend.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cfgmgr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cfmifs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cfmifsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\chartv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\chcp.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CheckNetIsolation.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\chkdsk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\chkntfs.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\choice.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CHxReadingStringIME.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cipher.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clbcatq.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cleanmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cliconfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cliconfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clip.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CloudNotifications.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CloudStorageWizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clusapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmcfg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmdext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmdial32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmdkey.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmdl32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmifw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmlua.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmmon32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmpbk32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmstp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmstplua.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cngcredui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cnvfat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\colbact.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\colorcpl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\colorui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\combase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comcat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comdlg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\compact.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CompPkgSup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\compstui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ComputerDefaults.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comrepl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comuid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\connect.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ConnectedAccountState.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\console.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\control.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\convert.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CredentialMigrationHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CredentialUIBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credwiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptdlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CryptoWinRT.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\crypttpmeksvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptuiwizard.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptxml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cscapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cscdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cscobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ctfmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cttune.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cttunesvr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\C_G18030.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\C_IS2022.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\C_ISCII.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10core.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10level9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10_1core.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d11.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d8thk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_47.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dim700.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dramp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dxof.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dabapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DafPrintProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DaOtpCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dataclen.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\davhlpr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dbgeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dbghelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dbnetlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dbnmpntw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dccw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dcomcnfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DDACLSys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ddodiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DDOIProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DDORes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ddraw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ddrawex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DefaultDeviceManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DefaultPrinterProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\delegatorprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\desk.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\deskadp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\deskmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DevDispItemProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\deviceaccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\deviceassociation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DeviceCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DeviceDisplayStatusManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DevicePairing.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DevicePairingFolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DevicePairingProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DevicePairingWizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DeviceProperties.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DeviceUxRes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devrtl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dfrgui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dfscli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DfsShlEx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcmonitor.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcsvc6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DHCPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dialer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\difxapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dimsjob.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dinput.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dinput8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskcomp.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskcopy.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskcopy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskpart.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskraid.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dispex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Display.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DisplaySwitch.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dllhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dllhst3g.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmband.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmcompos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmdlgs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmdskmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmime.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmintf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmloader.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmocx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmstyle.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmsynth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmusic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmvdsitf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmview.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dnsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\docprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\doskey.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3api.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3cfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3dlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3gpclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3gpui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3hc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3msm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3ui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpapimig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DpiScaling.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dplaysvr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dplayx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpmodemx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpwsockx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\driverquery.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drtprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drttransport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drvinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drvstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsauth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsdmo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dskquota.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dskquoui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsound.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsparse.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsquery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsrole.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dssec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dssenh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Dsui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsuiext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dswave.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dtsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dui70.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\duser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dvdplay.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dvdupgrd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DWWIN.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxdiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxdiagn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxgi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DxpTaskSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxva2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eapp3hst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eappcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eappgnui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eapphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eappprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eapprovp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EAPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EaseOfAccessDialog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\easwrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\efsadu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\efscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\efsui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\efsutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\efswrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EhStorAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EhStorAuthn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EhStorPwdMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ELSCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\elshyph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\elslad.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\elsTrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\encapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eqossnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\es.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\esent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\esentprf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\esentutl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eudcedit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eventcls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eventcreate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eventvwr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\expand.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\extrac32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Faultrep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdBth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdBthProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FdDevQuery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdeploy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdPnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdprint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdSSDP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdWCN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdWNet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdWSD.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\feclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\filemgmt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\find.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\findnetprinters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\findstr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\finger.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FirewallAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FirewallControlPanel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fltLib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fltMC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fmifs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fms.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Fondue.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontview.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\forfiles.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\format.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fphc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\framedyn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\framedynos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\frprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fsutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fsutilext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ftp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fundisc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fwcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FXSAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FXSCOM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FXSCOMEX.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FXSEXT32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FXSXP32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\g711codc.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gameux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gcdef.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\GdiPlus.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\GeofenceMonitorService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\getmac.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\getuname.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\glcndFilter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\glmf32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\GlobCollationHost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\globinputhost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\glu32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpprefcl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpprnext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpresult.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gptext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpupdate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\grpconv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hbaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hcproviders.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hdwwiz.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hdwwiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\help.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\HelpPaneProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hgcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hh.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hhctrl.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hhsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hidphone.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hidserv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hnetcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hnetmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\HOSTNAME.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\httpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\htui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ias.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasads.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasdatastore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iashlpr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IasMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iaspolcy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasrad.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasrecst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iassam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iassdo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iassvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icacls.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iccvid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icmui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IconCodecService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icsigd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icsunattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IdCtrls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\idndl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IDStore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ifmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ifsutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ifsutilx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imaadp32.acm:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imagehlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imapi2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imapi2fs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetmib1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\InfDefaultInstall.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\InputSwitch.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\intl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ipconfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IPHLPAPI.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iprtprio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iprtrmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ipsecsnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ipsmsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir32_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir41_32.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir41_qc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir41_qcx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir50_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir50_qc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir50_qcx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\irclass.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\irprops.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsicli.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsicpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsicpl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsidsc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsied.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsium.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsiwmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsiwmiv2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\isoburn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\itircl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\itss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iyuv_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\joy.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kernel.appcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KeyboardFilterCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\keyiso.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\keymgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kmddsp.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\korwbrkr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kstvtune.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Kswdmcap.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ksxbar.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ktmutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ktmw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\l2gpstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\l2nacp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\L2SecHC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\label.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\LaunchTM.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\linkinfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\loadperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\localsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\LocationApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\LocationNotifications.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lodctr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\loghours.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\logoncli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lsmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\luainstall.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Magnification.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Magnify.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\main.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\makecab.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MbaeApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MbaeApiPublic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mbsmsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mbussdapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mcbuilder.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mciavi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mcicda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mciqtz32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mciseq.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mciwave.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mdminst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mdmregistration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mf3216.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc42u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfcsubs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mgmtapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mibincodec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MicrosoftAccountTokenProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\midimap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\miguiresource.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mimefilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mimofcodec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MirrorDrvCompat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mispace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\miutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mlang.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmcbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmcico.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmcndmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmcshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MMDevAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmsys.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mobsync.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mode.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\modemui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\more.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mountvol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Mpeg2Data.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mpg2splt.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mpr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mprapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mprddm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mprdim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mprext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mprmsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MRINFO.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MrmCoreR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MrmIndexer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaatext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msacm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msacm32.drv:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msadp32.acm:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msasn1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscandui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscat32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscms.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscpxl32.dLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctfime.ime:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MsCtfMonitor.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctfui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctfuimanager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdadiag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdart.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdelta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdmo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdtcprx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdtcuiu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSDvbNP.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msftedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msg711.acm:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msgsm32.acm:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msidcrl40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msident.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msidle.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msieftp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msiltcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msimg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msimtf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msinfo32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msisip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msiwer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mskeyprotcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mskeyprotect.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msls31.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSNP.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msoeacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msoert2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mspaint.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mspatcha.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mspatchc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msports.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msra.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrdc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrle32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msscntrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msscript.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssha.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msshooks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssign32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssip32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssitlb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MsSpellCheckingFacility.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MsSpellCheckingHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssphtb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssrch.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssvp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msutb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcirt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcp60.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvfw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvidc32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSWB7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSWB70011.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSWB7001E.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSWB70404.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSWB70804.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mswsock.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msyuv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtstocom.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtxclu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtxdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtxex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtxlegih.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\muifontsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MuiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mycomput.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mydocs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Mystify.scr:$CmdTcID
         

Alt 15.07.2015, 20:13   #10
floorballref
 
Werde TrojWare.JS.Agend.PD@300743807 nicht los - Standard

Werde TrojWare.JS.Agend.PD@300743807 nicht los



Addition Teil 3:

Code:
ATTFilter
AlternateDataStreams: C:\Windows\SysWOW64\napdsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NapiNSP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\napipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NAPMONTR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NAPSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Narrator.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NaturalLanguage6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NcaApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NcdProp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncobjapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncpa.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncryptprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncryptsslp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nddeapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndfapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndfetw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndfhcdiscovery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndiscapCfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndishc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\negoexts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\net.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\net1.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netbios.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netbtugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netcenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netcorehc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netdiagfx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netiohlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netiougc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netjoin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netlogon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netplwiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Netplwiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netprofm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netprovisionsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netsh.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netshell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NETSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\networkexplorer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\networkitemfactory.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\newdev.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\newdev.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ninput.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NL7Data0011.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NL7Data001E.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NL7Data0404.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NL7Data0804.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlhtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlmgp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlmsprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0000.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0002.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0003.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0007.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0009.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData000a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData000c.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData000d.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData000f.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0010.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0018.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData001a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData001b.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData001d.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0020.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0021.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0022.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0024.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0026.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0027.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData002a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0039.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData003e.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0045.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0046.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0047.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0049.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData004a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData004b.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData004c.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData004e.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0414.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0416.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0816.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData081a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0c1a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Nlsdl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsLexicons0009.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\normaliz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\npmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nshhttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nshipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nslookup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntasn1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntdsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntlanman.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntlanui2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntmarta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntprint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntprint.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntshrui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\objsel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ocsetapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbc32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcad32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcbcp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcconf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcconf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbccp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbccr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbccu32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcji32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcjt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbctrac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oddbse32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odexl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odfox32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odpdx32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odtext32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OEMLicense.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\offfilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\offreg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ogldrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleacc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleacchooks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\olecli32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oledlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleprn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\olepro32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\olesvr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\olethk32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OnDemandConnRouteHelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\onex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\onexui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OobeFldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OpcServices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\openfiles.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\opengl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OpenWith.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\osbaseln.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\osk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OskSupport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\osuninst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\P2P.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\P2PGraph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\p2pnetsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PackageStateRoaming.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\panmap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PasswordOnWakeSettingFlyout.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PATHPING.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pautoenr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pcacli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pcaui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pcaui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PCPKsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PCPTpm12.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pdhui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PeerDist.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PeerDistSh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfctrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfdisk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfproc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PhotoMetadataHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PhotoScreensaver.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\photowiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PickerHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PING.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PkgMgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pla.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\playlistfolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PlaySndSrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PlayToDevice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PlayToManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PlayToStatusProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pnrpnsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\polstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pots.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\powercfg.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\powercfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\powercpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\powrprof.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PresentationNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prevhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\print.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PrintConfig.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PrintDialogs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\printui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\printui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prncache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prnfldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prnntfy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prntvpt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\profapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\profext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\propsys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\proquota.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\provcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\provsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\provthrd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ProximityCommon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ProximityCommonPal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ProximityRtapiPal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prvdmofcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\psapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\psisdecd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\psisrndr.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PSModuleDiscoveryProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\psr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pstorec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\puiapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\puiobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pwrshplugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\QAGENT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\QCLIPROV.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qdv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qmgrprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\QSHVHOST.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\QSVRMGMT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Query.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\QUTIL.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qwave.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RacEngn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\racpldlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\radardt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\radarrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RADCUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasadhlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasautou.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rascfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\raschap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\raschapext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasctrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasdiag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasdial.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasdlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\raserver.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasgcw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasman.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasmontr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasmxs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasphone.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasplap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasppp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rastapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rastlsext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdpencom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdpendp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RdpSa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RdpSaProxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RdpSaPs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RdpSaUacHelper.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdrleakdiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdvvmtransport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ReAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ReAgentc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\recover.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\reg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\regapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RegCtrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\regedit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\regedt32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\regini.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Register-CimProvider.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\regsvr32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ReInfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rekeywiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\remotepg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\remotesp.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RemoveDeviceContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RemoveDeviceElevated.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\replace.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\resmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RestoreOptIn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\resutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rgb9rast.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Ribbons.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\riched20.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\riched32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_isv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RmClient.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rnr20.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Robocopy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ROUTE.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RpcNs4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rpcnsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RpcPing.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RpcRtRemote.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rsaenh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rshx32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RstrtMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rtffilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rtm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rtutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RTWorkQ.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\runas.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rundll32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RunLegacyCPLElevated.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\runonce.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\samcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\samlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sas.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sbe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sbeio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scansetting.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SCardDlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scecli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schedcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schtasks.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scksp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scripto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scrnsave.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scrobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scrptadm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scrrun.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdchange.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdiageng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdiagnhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdiagprv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdohlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SearchFilterHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SearchFolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SearchIndexer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SearchProtocolHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SecEdit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secproc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secproc_isv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp_isv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sendmail.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SensApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SensorsApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SensorsCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\serialui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\serwvdrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SessEnv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sethc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SettingMonitor.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SettingSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncPolicy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setupapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setupcln.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setupugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setx.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sfc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sfc_os.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SHCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shdocvw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shfolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shgina.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shimgvw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shlwapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shpafact.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shrpubw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shunimpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shutdown.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shwebsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\signdrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SimAuth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SimCfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sisbkup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SkyDriveShell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\slpts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SmartScreenSettings.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SMBHelperClass.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\smphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SndVol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SndVolSSO.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\snmpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\softkbd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\softpub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sort.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SortServer2003Compat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SortWindows61.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SortWindows6Compat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spbcd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spfileq.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SPInf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spopk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwinsat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwizeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqlcecompact40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqlceoledb40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqlceqp40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqlcese40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqlsrv32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srchadmin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SRH.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srmclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srmscan.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srmshell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srmstormod.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srmtrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srm_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SrpUxNativeSnapIn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srumapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srumsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srvcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ssdpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SSShim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ssText3d.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Startupscan.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\stclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sti.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\stobject.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\StorageContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\storagewmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\storagewmi_passthru.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Storprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\StorSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\StructuredQuery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\subst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sud.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\svchost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sxproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sxs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sxshared.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sxsstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sxstrace.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SyncCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\synceng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SyncHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SyncHostps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SyncInfrastructure.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SyncInfrastructureps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Syncreg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\syncui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sysdm.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\syskey.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sysmon.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\syssetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\systemcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\systeminfo.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesComputerName.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesHardware.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesPerformance.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesProtection.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesRemote.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\systray.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\t2embed.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\takeown.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tapi3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TapiMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tapiperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tapisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TapiSysprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TapiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\taskcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\taskeng.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\taskkill.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tasklist.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Taskmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\taskschd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TaskSchdPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tbs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tcmsetup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tcpipcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tcpmib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tcpmonui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TCPSVCS.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\telephon.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\termmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\themecpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\themeui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\threadpoolwinrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\thumbcache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ThumbnailExtractionHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TimeBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\timedate.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TimeDateMUICallback.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\timeout.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tlscsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tpmcompc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TpmInit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tquery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TRACERT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\traffic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tree.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tsbyuv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSChannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tsmf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSTheme.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSWorkspace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TtlsAuth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TtlsCfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TtlsExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tvratings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\twext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\twinapi.appcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\twinapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\twinui.appcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\twinui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\txflog.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\txfw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tzutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ucmhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\udhisapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uexfat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ufat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UIAnimation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UIAutomationCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uicom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uireng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UIRibbon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UIRibbonRes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ulib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\umdmxfrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\unimdm.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\unimdmat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uniplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\unlodctr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\untfs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\upnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\upnpcont.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\upnphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ureg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usbceip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usbperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usbui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UserAccountBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UserAccountControlSettings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UserAccountControlSettings.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usercpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\userenv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\userinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\userinitext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UserLanguageProfileCallback.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UserLanguagesCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ustprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\utildll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Utilman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uudf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uxlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uxtheme.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\VAN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Vault.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vaultcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\VBICodec.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbisurf.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vdmdbg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vds_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\verclsid.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\verifier.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\verifier.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\version.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vfwwdm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vidcap.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\virtdisk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vpnikeapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\VscMgrPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vssadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vssapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vsstrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vss_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\w32tm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\w32topl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WABSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\waitfor.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wavemsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wbemcomn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wcmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WcnApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wcnwiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WcsPlugInService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdmaud.drv:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\webio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\webservices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Websocket.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wecapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wecutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WerFault.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WerFaultSecure.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wermgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\werui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wevtapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wevtfwd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wevtutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wfapigp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wfdprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WfHC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\where.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\whhelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\whoami.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiaacmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiaaut.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiadefui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiadss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiascanprofiles.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiashext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiatrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wimgapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winbio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winbrand.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wincorlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wincredprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Background.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Background.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Custom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Custom.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Enumeration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Enumeration.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Geolocation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Portable.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Printers.Extensions.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Globalization.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Globalization.Fontgroups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Graphics.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Devices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.SpeechSynthesis.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Proximity.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Storage.Compression.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.Display.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.Profile.HardwareId.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.RemoteDesktop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Search.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Web.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Web.Http.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecsExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\windowslivelogin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinFax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winhttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininitext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Winlangdb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winmm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winmmbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinMsoIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winnsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinOpcIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winrnr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winrs.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winrscmd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winrshost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winrssrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinRtTracing.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinSATAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinSCard.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winshfhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winsku.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winsockhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winspool.drv:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WINSRPC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinSyncMetastore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinSyncProviders.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinTypes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winusb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winver.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wisp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wkscli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wkspbrokerAx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlancfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WLanConn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlandlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanext.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlangpui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanhlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlaninst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WlanMM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanmsm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanpref.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlansec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Wldap32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlgpclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlidcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlidcredprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlidfdp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlidnsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlidprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WlS0WndH.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmiclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmidcom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmiprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmitomi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmsgapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wowreg32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Wpc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wpnapps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\write.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ws2help.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscinterop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscisvif.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscui.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSDApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsdchngr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsecedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshbth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshcon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wship6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshirda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshqos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSHTCPIP.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsmplpxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsmprovhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsnmp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsock32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSShared.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSTPager.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wtsapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wusa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WwaApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WWAHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WWanAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wwapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xcopy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XInput1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XInput9_1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xmlfilter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xmllite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xmlprovi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xolehlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XpsFilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XpsGdiConverter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XpsPrint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XpsRasterService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xpsrchvw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xpsservices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XPSSHHDR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xpssvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xwizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xwizards.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xwreg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xwtpdui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xwtpw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\zipfldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\acpi.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\agilevpn.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ahcache.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\bridge.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\bthenum.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\bthhfenum.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\bthport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\BTHUSB.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Classpnp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\csc.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dumpsd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\fltMgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\fsdepends.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\hidbth.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\i8042prt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\kbdclass.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\kbdhid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mouclass.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mouhid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mpsdrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mslldp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ndiscap.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\NdisImPlatform.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ndistapi.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ndproxy.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Ndu.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\netbios.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\netvsc63.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nsiproxy.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nwifi.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\pacer.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\qwavedrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rasacd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rassstp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\refs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rfcomm.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\RimSerial_AMD64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\RimUsb_AMD64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rootmdm.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\scfilter.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\sdbus.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\sermouse.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\spaceport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\swenum.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tbs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbGD.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\UCX01000.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\udfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbcir.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\USBHUB3.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbvideo.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\USBXHCI.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vhdmp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vmbkmcl.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vmbus.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vmstorfl.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vpci.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wanarp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WdBoot.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WdFilter.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WdNisDrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wfplwfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wimmount.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\winhv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wpcfltr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WSDScan.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WUDFPf.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WUDFRd.sys:$CmdTcID
AlternateDataStreams: C:\Users\Francesco\Desktop\AdwCleaner_4.208.exe:$CmdTcID
AlternateDataStreams: C:\Users\Francesco\Desktop\AdwCleaner_4.208.exe:$CmdZnID
AlternateDataStreams: C:\Users\Francesco\Desktop\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Francesco\Desktop\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Francesco\Desktop\JRT.exe:$CmdTcID
AlternateDataStreams: C:\Users\Francesco\Desktop\JRT.exe:$CmdZnID

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-648624-2589984946-3326904889-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{06CB7C48-1DC9-4F92-A179-F340FCBA042E}] => (Allow) C:\Users\Francesco\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{ABC8AC03-DC1F-4DB2-BBE2-53AA657FD912}] => (Allow) C:\Users\Francesco\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{5ABE83CF-91AC-4AC4-A9E5-84B703A6CEAF}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{49352D94-6DBE-4598-97D3-7FD33E561534}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{9F232194-E9A0-49A9-B098-16A2EECA620F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7E3DE873-86D6-4541-B575-AABB967162AF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0F812CC8-BC3F-426A-B96E-1FFE6ED39AEF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7ADA8943-D709-4036-9E42-FCE05D809D4F}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{E8B1D7BF-B5D8-4872-B884-01EAB910B9B5}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{127FEBF4-CF6E-4B6C-9465-4E46EF66B9C0}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{90B8D754-8361-4B2E-9E35-9ED74C742CFA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{59426891-681B-4854-A77D-388790294043}C:\users\francesco\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\francesco\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{3BFA8F53-280F-4FCF-8637-11BFF1124EC4}C:\users\francesco\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\francesco\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{216D1DB6-304F-44B6-B240-5B61271C4A9C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{836807EF-AC8F-4A91-8E0C-63E06D87D6CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{85DDF3ED-EACD-4C53-B92B-6C1E27A0B974}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{FC75C7FD-4514-44C4-AF42-33ECE72D8BBE}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{4CF1A931-E636-493D-A95D-A48E3536C19F}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{AA3C383E-0C74-4EC5-8C4C-E8C31312F07C}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{F8872A7F-9AE8-41B9-9A1D-41EB720B9F0D}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{FE7CF15E-DE5E-4041-AD37-C6D23C79AC1B}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{881CEF3D-A8C0-4262-A955-F41177CA15FE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F3F80B63-0CE8-4E61-AF39-8ADD8610A133}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{0ED41588-CD6F-416A-8297-840FF596A760}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{B8584E10-C74B-43E8-9ADC-03BEC369BA14}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{39848E55-8E7A-4D73-9D7C-DB349899CA35}] => (Allow) LPort=4481
FirewallRules: [{6D8C6DC6-924C-4C82-A643-CBF220C7A10A}] => (Allow) LPort=4481
FirewallRules: [{3E0B74F4-F637-49CC-BF5E-E292729BEB92}] => (Allow) LPort=4482
FirewallRules: [{DF895689-4091-484B-869A-D5B18DA37FD4}] => (Allow) LPort=4482
FirewallRules: [TCP Query User{5603776D-4A8B-4C93-92F0-AD2271A6D1DB}C:\bluebyte\siedler3\s3.exe] => (Block) C:\bluebyte\siedler3\s3.exe
FirewallRules: [UDP Query User{0029B19B-2382-4EF6-9E5D-B7C95B65FD7A}C:\bluebyte\siedler3\s3.exe] => (Block) C:\bluebyte\siedler3\s3.exe
FirewallRules: [{6D486630-FDAB-43F7-B61D-2887B6AD4E5F}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{BCBF5B52-84E6-4964-BC4A-B631A1C1D5F1}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2015 07:21:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 12.0.6691.5000, Zeitstempel: 0x52e8c57c
Name des fehlerhaften Moduls: wwlib.dll, Version: 12.0.6718.5000, Zeitstempel: 0x54e45c5b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00e77534
ID des fehlerhaften Prozesses: 0xf28
Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0
Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1
Pfad des fehlerhaften Moduls: OUTLOOK.EXE2
Berichtskennung: OUTLOOK.EXE3
Vollständiger Name des fehlerhaften Pakets: OUTLOOK.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: OUTLOOK.EXE5

Error: (07/12/2015 04:41:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17668, Zeitstempel: 0x54c850f5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000039a5a
ID des fehlerhaften Prozesses: 0xdf8
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5

Error: (07/11/2015 11:46:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RIMDeviceManager.exe, Version: 8.0.0.55, Zeitstempel: 0x5478a7c0
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc000041d
Fehleroffset: 0x02cf7c30
ID des fehlerhaften Prozesses: 0x1508
Startzeit der fehlerhaften Anwendung: 0xRIMDeviceManager.exe0
Pfad der fehlerhaften Anwendung: RIMDeviceManager.exe1
Pfad des fehlerhaften Moduls: RIMDeviceManager.exe2
Berichtskennung: RIMDeviceManager.exe3
Vollständiger Name des fehlerhaften Pakets: RIMDeviceManager.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RIMDeviceManager.exe5

Error: (07/11/2015 11:16:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17668, Zeitstempel: 0x54c850f5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000039a5a
ID des fehlerhaften Prozesses: 0x1560
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5

Error: (07/10/2015 10:26:43 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (07/10/2015 09:31:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17668, Zeitstempel: 0x54c850f5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000039a5a
ID des fehlerhaften Prozesses: 0x95c
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5

Error: (07/09/2015 10:54:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (07/09/2015 10:53:59 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).

Error: (07/09/2015 09:53:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (07/04/2015 04:05:00 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)


System errors:
=============
Error: (07/14/2015 10:15:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "BlackBerry Device Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/14/2015 10:14:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Lenovo Hotkey Client Loader" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/14/2015 10:14:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Lenovo Microphone Mute" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/14/2015 10:14:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Conexant SmartAudio service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/14/2015 10:14:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Lenovo Auto Scroll" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/14/2015 10:14:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "IconMan_R" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/14/2015 10:14:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Conexant Audio Message Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/14/2015 10:14:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/14/2015 10:14:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/14/2015 10:14:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (07/14/2015 07:21:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/17/2015 11:40:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1951 seconds with 1080 seconds of active time.  This session ended with a crash.

Error: (03/02/2015 07:39:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15125 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/25/2015 04:13:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 28406 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/24/2015 05:26:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17187 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/16/2015 09:35:26 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 82893 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (12/12/2014 09:29:06 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5470 seconds with 3600 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-07-14 22:31:56.973
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-14 22:08:08.110
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-14 22:01:44.539
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-14 22:00:13.102
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-14 21:04:31.973
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-14 20:53:28.836
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-14 19:46:00.226
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-14 19:32:13.819
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-14 19:12:39.209
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-14 16:32:17.374
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cmdcsr.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 40%
Total physical RAM: 3224.75 MB
Available physical RAM: 1909.82 MB
Total Virtual: 3800.75 MB
Available Virtual: 2107.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:78.03 GB) (Free:22.37 GB) NTFS
Drive d: (S3gold1_g) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Drive e: () (Fixed) (Total:154.76 GB) (Free:48.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BE9185AF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=154.8 GB) - (Type=07 NTFS)

==================== End of log ============================
         
Nochmals vielen Dank für deinen Mühe,
einen schönen Abend noch!

Alt 15.07.2015, 20:26   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Werde TrojWare.JS.Agend.PD@300743807 nicht los - Standard

Werde TrojWare.JS.Agend.PD@300743807 nicht los



Zitat:
entschuldige, hatte das so verstanden, dass das nur nach dem ersten Scan benötigt würde
Ist ja auch richtig so, so stehts in der Beschreibung ich wollte nur gerne eine neue Addition.txt sehen - sieht soweit ok aus.

Kontrollscans mit ESET und SC bitte:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.07.2015, 14:43   #12
floorballref
 
Werde TrojWare.JS.Agend.PD@300743807 nicht los - Standard

Werde TrojWare.JS.Agend.PD@300743807 nicht los



Moin Cosinus,

entschuldige, dass es ein bisschen länger gedauert hat, ich war ein paar Tage weg und hatte nicht alle USB-Sticks etc. mit mir. Hier das Logfile von ESET:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=007afacfdd72134f9f7d4fe2e33e53e3
# end=init
# utc_time=2015-07-19 10:58:38
# local_time=2015-07-19 12:58:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Init
Update Download
Update Finalize
Updated modules version: 24872
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=007afacfdd72134f9f7d4fe2e33e53e3
# end=updated
# utc_time=2015-07-19 11:02:16
# local_time=2015-07-19 01:02:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=007afacfdd72134f9f7d4fe2e33e53e3
# engine=24872
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-19 01:31:50
# local_time=2015-07-19 03:31:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3081 16777213 100 100 3376132 46313704 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 11034773 62194003 0 0
# scanned=623731
# found=9
# cleaned=0
# scan_time=8973
sh=E781FA9D24E9CD76092DD0AE897906CB69790024 ft=1 fh=b0b5e08c4e592cd4 vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{6361A1A3-6DBE-4402-B35D-FD432B32AD7B}"
sh=E781FA9D24E9CD76092DD0AE897906CB69790024 ft=1 fh=b0b5e08c4e592cd4 vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{6361A1A3-6DBE-4402-B35D-FD432B32AD7B}"
sh=D01F9F59BF6CA6E3FE60231CC8808C1A4FEA4530 ft=1 fh=e23161741f42185f vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Francesco\AppData\Local\Temp\uu6F8QvT.exe.part"
sh=30457F7CFBCDA8749B9CD92F573741C817F1503F ft=1 fh=28278fd3183d6da2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Francesco\AppData\Local\Temp\DMR\dmr_72.exe"
sh=B8F57574A5B72C551D42E3FB67963FE78F3E5708 ft=1 fh=26d53975bc4fd59e vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-734558832-2552862172-623217668-1000\$RIO3BXD.exe"
sh=CA017987B05AB65C34AFDB6B6C1BBD4FD54FC949 ft=0 fh=0000000000000000 vn="Variante von Generik.FQMNCYT Trojaner" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-734558832-2552862172-623217668-1000\$R0Z4RTS\pea-sici4del.rar"
sh=D01F9F59BF6CA6E3FE60231CC8808C1A4FEA4530 ft=1 fh=e23161741f42185f vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="E:\documents\Downloads\Setup_31FreeVideoConverter.exe"
sh=8A72F448F17C026A1B2A59686DE720079CCBA08F ft=1 fh=4d4a711952b3453e vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="E:\documents\Downloads\Anwendungen\DTLite4481-0347.exe"
sh=9434866971DD357600C9F2B1E31B7893C3A070F0 ft=1 fh=4f14aeb246e47811 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="E:\documents\Downloads\Anwendungen\PDFCreator-1_7_1_setup.exe"
         
Und das Logfile von Security Check:

Code:
ATTFilter
 Results of screen317's Security Check version 1.004  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
COMODO Antivirus   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java version 32-bit out of Date! 
 Adobe Flash Player 	18.0.0.209  
 Adobe Reader XI  
 Mozilla Firefox (39.0) 
````````Process Check: objlist.exe by Laurent````````  
 Comodo Firewall cmdagent.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
Danke, viele Grüße und einen schönen Sonntag noch!

Floorballref

Alt 19.07.2015, 15:19   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Werde TrojWare.JS.Agend.PD@300743807 nicht los - Standard

Werde TrojWare.JS.Agend.PD@300743807 nicht los



FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
E:\documents\Downloads\Setup_31FreeVideoConverter.exe
E:\documents\Downloads\Anwendungen\DTLite4481-0347.exe
E:\documents\Downloads\Anwendungen\PDFCreator-1_7_1_setup.exe
EmptyTemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.07.2015, 15:31   #14
floorballref
 
Werde TrojWare.JS.Agend.PD@300743807 nicht los - Standard

Werde TrojWare.JS.Agend.PD@300743807 nicht los



Moin Cosinus,

danke für die schnelle Antwort. Hier der Inhalt des Log-Files:

Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Francesco at 2015-07-19 16:27:20 Run:1
Running from C:\Users\Francesco\Desktop
Loaded Profiles: Francesco (Available Profiles: Francesco)
Boot Mode: Normal
==============================================

fixlist content:
*****************
E:\documents\Downloads\Setup_31FreeVideoConverter.exe
E:\documents\Downloads\Anwendungen\DTLite4481-0347.exe
E:\documents\Downloads\Anwendungen\PDFCreator-1_7_1_setup.exe
EmptyTemp:
*****************

E:\documents\Downloads\Setup_31FreeVideoConverter.exe => moved successfully.
E:\documents\Downloads\Anwendungen\DTLite4481-0347.exe => moved successfully.
E:\documents\Downloads\Anwendungen\PDFCreator-1_7_1_setup.exe => moved successfully.
EmptyTemp: => 3.3 GB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 16:27:59 ====
         
Viele Grüße,

Floorballref

Alt 19.07.2015, 15:36   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Werde TrojWare.JS.Agend.PD@300743807 nicht los - Standard

Werde TrojWare.JS.Agend.PD@300743807 nicht los



Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) empfehle ich die Erweiterung Ghostery, diese verhindert weitgehend Usertracking bzw. das Anzeigen von Werbebannern.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Werde TrojWare.JS.Agend.PD@300743807 nicht los
.dll, avg, avira, browser, defender, dnsapi.dll, explorer, feedback, fehler, firefox, firefox 39.0, flash player, ftp, homepage, mozilla, problem, realtek, registry, rundll, scan, security, services.exe, software, svchost.exe, system, virus, windows, winlogon.exe



Ähnliche Themen: Werde TrojWare.JS.Agend.PD@300743807 nicht los


  1. Windows 7 N: Comodo endeckt TrojWare.JS.Agent.PD@300743807 immer wieder in Firefox Unterordnern
    Log-Analyse und Auswertung - 11.07.2015 (5)
  2. Comodo wird TrojWare.JS.Agent.PD@300743807 nicht los
    Log-Analyse und Auswertung - 06.07.2015 (18)
  3. Windows 7: TR/Agend - Massive Werbung und Viren Angriff
    Log-Analyse und Auswertung - 27.11.2014 (25)
  4. TrojWare.Win32.VB.HEFF@312803905
    Plagegeister aller Art und deren Bekämpfung - 23.01.2014 (3)
  5. TrojWare.JS.Agent.IL in AdAware eingenistet?
    Plagegeister aller Art und deren Bekämpfung - 27.04.2013 (17)
  6. TrojWare.Win32.Buzus.carj@283207124
    Log-Analyse und Auswertung - 27.03.2013 (34)
  7. TrojWare.Win32.Trojan.Katusha.~E@104915147
    Log-Analyse und Auswertung - 06.04.2012 (3)
  8. Backdoor.agend / TR/ATRAPS.GEN 2 und mediashift
    Plagegeister aller Art und deren Bekämpfung - 05.02.2012 (15)
  9. TrojWare.Win32.Trojan.Agent.Gen@1 in temp/upd.exe gefunden! Lässt sich nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 08.12.2011 (16)
  10. Worm/Agend: Ordner als Verknüpfungen angezeigt
    Log-Analyse und Auswertung - 12.08.2011 (33)
  11. TrojWare.Win32.Trojan.Katusha.~E@104915147
    Plagegeister aller Art und deren Bekämpfung - 19.07.2011 (1)
  12. Virenmeldung TrojWare.Win32.Krap.T@-1
    Plagegeister aller Art und deren Bekämpfung - 17.12.2010 (1)
  13. Rootkid.Agend gefunden - Internet stürzt beim Start eines PC ab
    Plagegeister aller Art und deren Bekämpfung - 30.08.2010 (3)
  14. TR/dldr.java.agend.cf
    Plagegeister aller Art und deren Bekämpfung - 14.07.2010 (1)
  15. TR/Agend.CX.361 entdeckt - wie löschen?
    Log-Analyse und Auswertung - 15.06.2010 (4)
  16. TR/Agend.CX.361 entdeckt aber keine ahnung wie der zu löschen geht
    Log-Analyse und Auswertung - 11.06.2010 (14)
  17. TR/Agend.FMC Virus geht nicht weg
    Plagegeister aller Art und deren Bekämpfung - 04.12.2007 (0)

Zum Thema Werde TrojWare.JS.Agend.PD@300743807 nicht los - Moin liebe Helferin oder Helfer, ich muss sagen, dass ich neu auf diesem Gebiet bin. Ich habe euren Thread zu exakt der gleichen Meldung hier: http://www.trojaner-board.de/168296-...43807-los.html gelesen, aber es heißt - Werde TrojWare.JS.Agend.PD@300743807 nicht los...
Archiv
Du betrachtest: Werde TrojWare.JS.Agend.PD@300743807 nicht los auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.