HackTool.KMS

deeprybka · 11.01.2016, 09:49

TuneUp Utilities
SpyHunter 4
Security Task Manager 2.1

Bitte deinstallieren.

Danach bitte Suchscan durchführen:

Schritt 1

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Pumuckl57 · 11.01.2016, 20:12

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d461849f249f00449dc654355a41a70c
# end=init
# utc_time=2016-01-11 04:45:06
# local_time=2016-01-11 05:45:06 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 27590
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d461849f249f00449dc654355a41a70c
# end=updated
# utc_time=2016-01-11 04:50:41
# local_time=2016-01-11 05:50:41 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=d461849f249f00449dc654355a41a70c
# engine=27590
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-01-11 06:37:59
# local_time=2016-01-11 07:37:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3081 16777213 100 92 4406658 61542073 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 13157116 77418772 0 0
# scanned=456346
# found=12
# cleaned=0
# scan_time=6437
sh=764E35F5D7285A7A0F0AE509CD3A7AE35A7617EE ft=1 fh=ceaa75ecc558b7b3 vn="MSIL/AdvancedSystemProtector.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\systweakasp.exe.vir"
sh=1748CC36EA295AED6E263F08C30FD2676C187552 ft=1 fh=c7f29243341991bf vn="Variante von Win32/AdWare.CycloneAd.D Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Stefan\AppData\Local\ContextFree\cntcmd.exe.vir"
sh=CA2893AB5FBA02B348423F87A7216C73207D8DE3 ft=1 fh=f8578be9d3a2b3db vn="Variante von Win32/AdWare.CycloneAd.D Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Stefan\AppData\Local\ContextFree\framei.exe.vir"
sh=B41F338BC7860041D2C50CE6F9FC63D96CD6DEA0 ft=1 fh=4916afb9d6170540 vn="Win32/Adware.CycloneAd Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Stefan\AppData\Local\ContextFree\notifications.exe.vir"
sh=B26FE56C808C0FDA3B67425DA635F8F24FEA73D9 ft=1 fh=38f50cd977d242b7 vn="Variante von Win32/AdWare.CycloneAd.D Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Stefan\AppData\Local\ContextFree\nvcmd.exe.vir"
sh=58EB1347A55242A9764930671564048F7718848F ft=1 fh=2126ffaf7f10baa4 vn="Variante von Win32/Adware.CycloneAd.D Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Stefan\AppData\Local\ContextFree\windoclib.exe.vir"
sh=C5AA96F17ED2B68CA4C839EA7394F4534B4F5C3F ft=1 fh=57a85fb4fd4bc01c vn="Variante von Win64/Systweak.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=E1EE9FFB7521CD6E355FCE47F2E1F35F1BC1AAD1 ft=1 fh=c71c00110ade7ada vn="Win32/TrojanDownloader.Wauchos.Q Trojaner" ac=I fn="C:\Users\Stefan\dxazlfq.exe"
sh=E1EE9FFB7521CD6E355FCE47F2E1F35F1BC1AAD1 ft=1 fh=c71c00110ade7ada vn="Win32/TrojanDownloader.Wauchos.Q Trojaner" ac=I fn="C:\Users\Stefan\dxfgihc.exe"
sh=E1EE9FFB7521CD6E355FCE47F2E1F35F1BC1AAD1 ft=1 fh=c71c00110ade7ada vn="Win32/TrojanDownloader.Wauchos.Q Trojaner" ac=I fn="C:\Users\Stefan\dxzyeqt.exe"
sh=0BFF84AA6CC4CCF580EAE2FBF4C129FA6EA612C4 ft=1 fh=9fe1a4845276fe8f vn="Win32/Adware.ADON evtl. unerwÃ¼nschte Anwendung" ac=I fn="E:\Download\Unlocker1.9.1-x64.exe"
sh=4A693EC98C747851A490670E3A7184792DD8E22F ft=1 fh=f16e220bdbe45c69 vn="Variante von Win32/Systweak.M evtl. unerwÃ¼nschte Anwendung" ac=I fn="E:\Download\wzsysutil.exe"

deeprybka · 11.01.2016, 23:53

Schritt 1

Bitte starte FRST erneut, markiere auch die checkbox

und drücke auf Untersuchen.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

Pumuckl57 · 12.01.2016, 09:12

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015
durchgeführt von Stefan (Administrator) auf PRIVAT (12-01-2016 09:06:51)
Gestartet von C:\Trojaner Board
Geladene Profile: Stefan (Verfügbare Profile: Stefan)
Platform: Windows 8.1 Pro (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
() C:\Windows\oem.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2015-08-03] (Hewlett-Packard )
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2015-03-28] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2015-08-03] (IDT, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-23] (Oracle Corporation)
HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2899136 2015-08-15] (Valve Corporation)
HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\Run: [EPSON SX420W Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE [224768 2015-09-22] (SEIKO EPSON CORPORATION)
IFEO\SppExtComObj.exe: [Debugger] SppHook.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardOS API.lnk [2014-04-17]
ShortcutTarget: CardOS API.lnk -> C:\Program Files\Siemens\CardOS API\bin\siecacst.exe (Siemens IT Solutions and Services GmbH)
Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Medien-Prüfung.lnk [2014-08-26]
ShortcutTarget: Picture Motion Browser Medien-Prüfung.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{23733C74-886E-4B65-A5C5-9AADCC25EEDF}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2620496672-2744858316-2536672267-1001 -> {29618F75-CCD5-477E-A67F-0C0B27CE9ACD} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2620496672-2744858316-2536672267-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-23] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-23] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\i25vx326.default-1430134795022
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\i25vx326.default-1430134795022\searchplugins\yahoo-ysp.xml [2015-11-23]
FF Extension: Adblock Plus - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\i25vx326.default-1430134795022\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-17]

Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> google.com___
CHR Profile: C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-08]
CHR Extension: (Google Docs) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-08]
CHR Extension: (Google Drive) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-08]
CHR Extension: (YouTube) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-08]
CHR Extension: (Google-Suche) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-08]
CHR Extension: (Google Tabellen) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-08]
CHR Extension: (Google Docs Offline) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-08]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-08]
CHR Extension: (Yahoo Web) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo [2016-01-08]
CHR Extension: (Google Mail) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-08]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-11] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-07] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2056376 2015-11-26] (Comodo)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-10-17] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Datei ist nicht signiert]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2015-08-03] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2015-08-03] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2015-08-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2015-08-03] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2015-08-03] (IDT, Inc.) [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-08-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-08-12] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 A38CCID; C:\Windows\system32\DRIVERS\a38ccid.sys [62976 2015-04-18] (Advanced Card Systems Ltd.)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-11-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [828144 2015-11-18] (COMODO)
R1 cmdhlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [35056 2015-08-05] (COMODO)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-04] ()
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-05] (COMODO)
S0 kebzlm; kein ImagePath
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-15] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-15] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-12] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-15] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2015-08-03] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S0 prohlp02; C:\Windows\SysWOW64\drivers\prohlp02.sys [70400 2004-04-08] (Protection Technology) [Datei ist nicht signiert]
S0 prosync1; C:\Windows\SysWOW64\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology) [Datei ist nicht signiert]
S0 sfhlp01; C:\Windows\SysWOW64\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [Datei ist nicht signiert]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-08-12] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-08-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-08-12] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\Stefan\AppData\Local\Temp\ALSysIO64.sys [X]
S1 prodrv06; \SystemRoot\System32\drivers\prodrv06.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-01-12 09:05 - 2016-01-12 09:06 - 00000000 ____D C:\FRST
2016-01-11 19:20 - 2016-01-11 19:20 - 00373597 _____ C:\Users\Stefan\Downloads\TV_Die.Bergung.der.Costa.Concordia.German.DOKU.720p.HDTV.x264-UTOPiA.nzb
2016-01-11 19:20 - 2016-01-11 19:20 - 00307941 _____ C:\Users\Stefan\Downloads\TV_Das.Raetsel.der.Spider.Rocks.GERMAN.DOKU.720p.WebRip.x264-BTVG.nzb
2016-01-11 19:19 - 2016-01-11 19:19 - 00114060 _____ C:\Users\Stefan\Downloads\TV_Faszination.Kanada.E01.Die.Arktis.Expedition.in.die.Nordwestpassage.GERMAN.DOKU.WS.HDTVRip.x264-TMSF.nzb
2016-01-11 19:18 - 2016-01-11 19:18 - 00091869 _____ C:\Users\Stefan\Downloads\TV_Revolverhelden.Legenden.des.Wilden.Westens.S02E03.Bat.Masterson.GERMAN.DOKU.HDTVRip.x264-MDGP.nzb
2016-01-11 19:17 - 2016-01-11 19:17 - 00089731 _____ C:\Users\Stefan\Downloads\TV_Crazy.Food.Die.verruecktesten.Restaurants.der.Welt.S01E02.GERMAN.DOKU.HDTV.x264-KiTCHEN.nzb
2016-01-11 17:36 - 2016-01-11 17:36 - 02870984 _____ (ESET) C:\Users\Stefan\Downloads\esetsmartinstaller_deu.exe
2016-01-10 20:03 - 2016-01-10 21:49 - 00000000 ____D C:\Trojaner Board
2016-01-10 09:58 - 2016-01-10 09:58 - 00554546 _____ C:\Users\Stefan\Downloads\Filme_Der Eiserne Ritter Von Falworth (1954) AVI.nzb
2016-01-10 09:58 - 2016-01-10 09:58 - 00290653 _____ C:\Users\Stefan\Downloads\Filme_Die.Prinzessin.mit.dem.goldenen.Stern (1959) CSSR DEFA.nzb
2016-01-10 09:57 - 2016-01-10 09:57 - 00496542 _____ C:\Users\Stefan\Downloads\Filme_Agatha Christie-Toedliche Safari-1989-Filmklassisker.nzb
2016-01-10 09:54 - 2016-01-10 09:54 - 00149290 _____ C:\Users\Stefan\Downloads\TV_Drogen.im.Visier.S07E04.Spring.Break.Deals.GERMAN.DOKU.HDTVRip.x264-MDGP.nzb
2016-01-10 09:53 - 2016-01-10 09:53 - 00279998 _____ C:\Users\Stefan\Downloads\TV_Entfuehrt.im.Irak.311.Tage.Nervenkrieg.German.DOKU.720p.HDTV.x264-UTOPiA.nzb
2016-01-10 09:52 - 2016-01-10 09:52 - 00217575 _____ C:\Users\Stefan\Downloads\TV_Mountain.Men.-.Ueberleben.in.der.Wildnis.S04E08.Ausgehungert.GERMAN.DOKU.HDTVRip.x264-RiO.nzb
2016-01-09 21:02 - 2016-01-09 21:06 - 00000000 ____D C:\ProgramData\SecTaskMan
2016-01-08 15:51 - 2016-01-08 15:51 - 00115293 _____ C:\Users\Stefan\Downloads\TV_17.000.Kilometer.Kanada.E01.Kaempfen.Jagen.Ueberleben.German.DOKU.WS.HDTVRip.x264-OMGtv.nzb
2016-01-04 19:32 - 2016-01-04 19:32 - 00000000 _____ C:\autoexec.bat
2016-01-04 19:31 - 2016-01-04 19:31 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Enigma Software Group
2016-01-04 19:30 - 2016-01-04 19:31 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-01-04 19:28 - 2016-01-11 14:15 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-12-16 10:58 - 2016-01-07 08:39 - 00000350 _____ C:\Windows\Tasks\HPCeeScheduleForStefan.job
2015-12-16 10:58 - 2016-01-06 17:08 - 00003166 _____ C:\Windows\System32\Tasks\HPCeeScheduleForStefan

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-01-12 09:05 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2016-01-12 08:59 - 2014-03-31 18:25 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2016-01-12 08:51 - 2014-05-17 17:51 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-12 08:50 - 2015-05-25 19:21 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-12 08:50 - 2013-12-25 17:04 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-12 08:50 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-12 07:40 - 2015-05-25 19:21 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-12 07:22 - 2014-06-04 07:41 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-12 06:07 - 2013-12-25 02:38 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4D2B7B8E-79AF-4D0E-A59A-E31AB7216E22}
2016-01-11 21:14 - 2014-02-26 10:48 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\vlc
2016-01-11 20:43 - 2013-12-22 13:54 - 02139696 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-11 20:43 - 2013-09-30 04:58 - 01032826 _____ C:\Windows\system32\perfh007.dat
2016-01-11 20:43 - 2013-09-30 04:58 - 00248774 _____ C:\Windows\system32\perfc007.dat
2016-01-11 20:43 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-01-11 20:35 - 2014-05-28 14:19 - 00000000 ____D C:\Users\Stefan\AppData\Local\QuickPar
2016-01-11 19:41 - 2013-12-23 22:14 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2620496672-2744858316-2536672267-1001
2016-01-10 19:19 - 2013-12-22 17:33 - 00008704 _____ C:\Windows\SppHook.exe
2016-01-10 11:14 - 2015-11-26 09:23 - 00000776 _____ C:\Users\Stefan\Desktop\Challenge 16.lnk
2016-01-09 16:05 - 2014-04-06 10:05 - 04174900 _____ C:\Windows\system32\Drivers\fvstore.dat
2016-01-08 19:56 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-01-07 23:01 - 2015-05-26 10:46 - 00000000 ____D C:\AdwCleaner
2016-01-04 19:31 - 2013-12-23 22:08 - 00000000 ____D C:\Users\Stefan
2015-12-30 08:37 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-12-30 08:33 - 2015-11-12 18:26 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-30 08:33 - 2015-11-12 18:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-29 11:23 - 2014-06-04 07:41 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-27 16:14 - 2014-03-25 17:01 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\dvdcss
2015-12-21 19:52 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-12-17 20:15 - 2015-04-05 18:49 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-17 20:15 - 2015-04-05 18:49 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-17 12:46 - 2015-05-25 19:24 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-15 22:55 - 2015-04-27 10:30 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\ObviousIdea

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-11-22 01:32 - 2015-11-22 01:32 - 0000017 _____ () C:\Users\Stefan\AppData\Local\resmon.resmoncfg

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Stefan\dxazlfq.exe
C:\Users\Stefan\dxfgihc.exe
C:\Users\Stefan\dxzyeqt.exe


Einige Dateien in TEMP:
====================
C:\Users\Stefan\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Stefan\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Stefan\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Stefan\AppData\Local\Temp\SDShelEx-x64.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-01-10 13:54

==================== Ende von FRST.txt ============================

Pumuckl57 · 12.01.2016, 09:36

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:07-01-2015
durchgeführt von Stefan (2016-01-12 09:07:30)
Gestartet von C:\Trojaner Board
Windows 8.1 Pro (X64) (2013-12-23 21:08:57)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2620496672-2744858316-2536672267-500 - Administrator - Disabled)
Gast (S-1-5-21-2620496672-2744858316-2536672267-501 - Limited - Disabled)
Stefan (S-1-5-21-2620496672-2744858316-2536672267-1001 - Administrator - Enabled) => C:\Users\Stefan

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
AirXonix version 1.37G (HKLM-x32\...\AirXonix_is1) (Version:  - )
AllDup 3.3.14 (HKLM-x32\...\AllDup_is1) (Version: 3.3.14 - Michael Thummerer Software Design)
Alt.Binz 0.39.4 (HKLM-x32\...\Alt.Binz) (Version: 0.39.4 - Rdl)
CardOS API (Version: 3.3.018 - Siemens IT Solutions and Services GmbH) Hidden
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 46.9.15.424 - Comodo)
COMODO Internet Security Premium (HKLM\...\{8899F0F2-03D8-4DDE-ADCA-4F0A7CE18A74}) (Version: 7.0.51350.4115 - COMODO Security Solutions Inc.)
Core Temp version 0.99.8 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 0.99.8 - Arthur Liberman)
Depths of Betrayal (HKLM-x32\...\{7EF17D39-44BB-4E4B-9FB7-7082550024C9}) (Version: 1.00.0000 - PurpleHills)
Der Mondkalender 2.0 (HKLM-x32\...\InstallShield_{C91D774B-69EF-4DC8-A8B2-5A2FA5279264}) (Version: 1.00.0000 - USM)
Der Mondkalender 2.0 (x32 Version: 1.00.0000 - USM) Hidden
Dike 5.5.0 (HKLM-x32\...\{3163143A-EA7F-4CED-B7BD-AEA38B4E0B5D}) (Version: 5.5.0 - InfoCert S.p.A)
Epson Easy Photo Print 2 (HKLM-x32\...\{310C1558-F6B5-4889-98B0-7471966BA7F2}) (Version: 2.2.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX420W Series Handbuch (HKLM-x32\...\EPSON SX420W Series Manual) (Version:  - )
EPSON SX420W Series Netzwerk-Handbuch (HKLM-x32\...\EPSON SX420W Series Network Guide) (Version:  - )
EPSON SX420W Series Printer Uninstall (HKLM\...\EPSON SX420W Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.2 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.2a - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Free AVI Video Converter version 5.0.59.525 (HKLM-x32\...\Free AVI Video Converter_is1) (Version: 5.0.59.525 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
Golden Trails 2 (HKLM-x32\...\Golden Trails 2) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GTR Evolution (HKLM-x32\...\GTR Evolution_1.1.1.2_is1) (Version:  - SimBin)
GTR Evolution (HKLM-x32\...\Steam App 8660) (Version:  - SimBin)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.1.40.3 - Hewlett-Packard Company)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Light Image Resizer 4.6.7.0 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.6.7.0 - ObviousIdea)
MahJongg Master 4 (HKLM-x32\...\MahJongg Master 4_is1) (Version:  - eGames)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works Kalender 1.0 (HKLM-x32\...\Works Calendar) (Version:  - )
Microsoft Works Setup Launcher (HKLM-x32\...\Works99Setup) (Version:  - )
miniLector (Version: 3.0.0 - Bit4Id) Hidden
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MultiPar Version 1.2.4.7 (HKLM-x32\...\{AAFC96BF-C615-4D77-9A55-C692A7B26FC5}_is1) (Version: 1.2.4.7 - Yutaka Sawada)
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
MyEpson Portal (x32 Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
Neverball (HKLM-x32\...\Neverball) (Version:  - )
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Primo (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
quifoto.it (HKLM-x32\...\it.quifoto.editor.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.6.7 - myphotobook GmbH)
quifoto.it (x32 Version: 1.6.7 - myphotobook GmbH) Hidden
RACE 07 - Formula RaceRoom Add-On (HKLM-x32\...\Steam App 44630) (Version:  - )
RACE 07 (HKLM-x32\...\Steam App 8600) (Version:  - SimBin)
Race Driver 3 (HKLM-x32\...\{A137D52E-FA96-4815-85F5-E7B8F66837DB}) (Version: 1.00.0000 - Codemasters)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
Ski Challenge 12 (AT) (HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\sc12-AT_MAIN) (Version:  - )
Ski Challenge 14 (HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\sc14-GAMETWIST_MAIN) (Version:  - )
Ski Challenge 15 (HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\sc15-GAMETWIST_MAIN) (Version:  - )
Ski Challenge 16 (HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\sc16-GAMETWIST_MAIN) (Version:  - )
Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 4.0.00.10020 - Sony Corporation)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.21.10.4584 - Enigma Software Group, LLC)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{5D2260D6-DB16-41DC-915B-A39BF4F66362}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - ACS (A38CCID) SmartCardReader  (12/16/2009 1.1.6.5) (HKLM\...\F02CC611741E33C64CDEAEEE2C7A46E41719B2CC) (Version: 12/16/2009 1.1.6.5 - ACS)
Windows-Treiberpaket - ACS (ACSSCR) SmartCardReader  (01/17/2007 1.1.5.9) (HKLM\...\3BD7308AF0777D24D780B4C4F2C71336B1848E27) (Version: 01/17/2007 1.1.5.9 - ACS)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0018AB2E-434C-41C9-85F0-49F0197954EB} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-07] (COMODO)
Task: {02611EA7-06A8-46C7-B3C7-EFC5095067EF} - System32\Tasks\HPCeeScheduleForStefan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-08-03] (Hewlett-Packard)
Task: {03BD76AE-D4BD-4667-9868-3E59606C7495} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {13D31055-5345-4A00-89AA-503E5793BC7D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-26] (Google Inc.)
Task: {15564071-2723-4552-9930-A2060BC329F2} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-07] (COMODO)
Task: {1ED3EDB0-6462-45BC-81C4-CDC474FF6671} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-17] (Hewlett-Packard)
Task: {274DD30E-6946-4294-A1B3-8C0D75407B52} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-07] (COMODO)
Task: {3B1217C4-8180-4516-87AF-CE018314C64B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-10-17] (Hewlett-Packard Company)
Task: {40BB3E76-FE1B-4471-81F8-4707FC1F70BE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-29] (Adobe Systems Incorporated)
Task: {4BCD17E2-D0E4-4083-9A90-899C1DD79F04} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-23] (Oracle Corporation)
Task: {5AC59849-3BA5-4396-8633-08B6E69EECC1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-12-08] (Microsoft Corporation)
Task: {6BF8CDE9-C4AA-4270-A773-5FDBC509AC82} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-11-08] (Adobe Systems Incorporated)
Task: {6FEA9EB9-7AF8-4F51-9BF6-D67128683581} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-11-08] (Adobe Systems Incorporated)
Task: {74C0EE3D-F78D-4120-8311-61FA9FE9C36B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-17] (Microsoft Corporation)
Task: {7E949E90-7B1F-48FF-91CF-AA2080C28457} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-26] (Google Inc.)
Task: {80D97481-2186-4B2B-BD01-0202AF046F8A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-10-17] (Hewlett-Packard Company)
Task: {82CF28F6-8466-4D89-A789-4FE2B4F144CD} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-07] (COMODO)
Task: {842A1711-47DA-43A8-B64D-E304B94F4B1E} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-07] (COMODO)
Task: {88B07CD8-9D8F-493C-A911-9DB027D35183} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-10-20] (Hewlett-Packard)
Task: {8DDBCD28-E576-4DCE-89B8-D557BAE2EAEE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-12-03] (HP Inc.)
Task: {8F9410B3-0366-4AAA-9D35-97F295401A8E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {9667ABE1-ED33-4D48-8748-9F6E0A7CAB29} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-17] (Microsoft Corporation)
Task: {9DB46CD8-B500-4A9C-BBED-259E202FB382} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-17] (Hewlett-Packard)
Task: {B9082931-6747-4E43-BADA-8898A9D45DAC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {BAE31404-F969-4E46-9415-FB6343DE95B9} - System32\Tasks\OEM => C:\Windows\oem.exe [2013-12-22] ()
Task: {EF53A34D-4B7F-4B80-BF37-307D5CA038F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-12-03] (HP Inc.)
Task: {F15E1EB4-DF8C-411C-95FC-FA79F14A2C55} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-07] (COMODO)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForStefan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-12-22 00:56 - 2013-12-22 17:45 - 00517862 _____ () C:\Windows\oem.exe
2013-04-15 16:39 - 2015-01-08 23:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2015-08-03 12:28 - 2015-08-03 12:28 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-12-17 12:46 - 2015-12-11 04:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-17 12:46 - 2015-12-11 04:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\autoexec.bat:$CmdTcID
AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\HelpPane.exe:$CmdTcID
AlternateDataStreams: C:\Windows\hh.exe:$CmdTcID
AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\regedit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\splwow64.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SppHook.exe:$CmdTcID
AlternateDataStreams: C:\Windows\sttray64.exe:$CmdTcID
AlternateDataStreams: C:\Windows\twain_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\winhlp32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\write.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\accessibilitycpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\acledit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aclui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\acppage.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\acproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ActionCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ActionCenterCPL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ActionQueue.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\activeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adhapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adhsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AdmTmpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adrclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adsldp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adsldpc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adsnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\advpack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aecache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AepRoam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aitagent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\alg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AltTab.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amstream.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Apphlpdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppIdPolicyEngineApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appmgmts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppReadiness.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apprepapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apprepsync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appsruprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appwiz.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppxAllUserStore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppxApplicabilityEngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppXDeploymentClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppXDeploymentExtensions.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppXDeploymentServer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppxPackaging.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppxSip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppxStreamingDataSourcePS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppxSysprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ARP.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aspnet_counters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\asycfilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\at.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AtBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atlthunk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\attrib.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEndpointBuilder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\auditcse.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuditNativeSnapIn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuditPolicyGPInterop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthBroker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\authfwcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthFWGP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthFWSnapin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthFWWizFwk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthHostProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\authz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\autoconv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\autoplay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AutoWorkplaceN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\avicap32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\avifil32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\avrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AxInstSv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AxInstUI.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\azroles.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\azroleui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AzSqlExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\baaupdate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\backgroundTaskHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BackgroundTransferHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\basecsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\batmeter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcdboot.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcdprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcdsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BCP47Langs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bdaplgin.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bdechangepin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BdeHdCfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BdeHdCfgLib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bderepair.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bdesvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BdeSysprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bdeui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BdeUISrv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bdeunlock.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BFE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bidispl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BioCredProv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BitLockerDeviceEncryption.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BitLockerWizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BitLockerWizardElev.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsigd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsprx2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsprx3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsprx4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsprx5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsprx6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsprx7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\biwinrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\blb_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BluetoothApis.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bootcfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bootim.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BootMenuUX.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bootsect.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bootux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\brdgcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bridgeunattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BrokerLib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\browcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\browser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\browseui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bthci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BthHFSrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BthMtpContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bthpanapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BthpanContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bthprops.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BthRadioMedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bthserv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BthSQM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bthudtask.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\btpanui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Bubbles.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BulkOperationHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BWContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ByteCodeGenerator.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cabinet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cabview.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cacls.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\calc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CallButtons.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CallButtons.ProxyStub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CameraSettingsUIHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\capisp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\catsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\catsrvps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cca.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cdd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cdosys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certca.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certCredProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certenc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CertEnroll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CertEnrollCtrl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CertEnrollUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CertPolEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certreq.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ceutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cfgbkend.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cfgmgr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cfmifs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cfmifsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\change.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chartv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chcp.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CheckNetIsolation.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chglogon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chgport.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chgusr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chkdsk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chkntfs.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chkwudrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\choice.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CHxReadingStringIME.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cipher.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CIRCoInst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clbcatq.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cleanmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cliconfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cliconfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clip.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CloudNotifications.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CloudStorageWizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clusapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmcfg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmdext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmdial32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmdkey.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmdl32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmifw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmlua.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmmon32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmpbk32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmstp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmstplua.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cngcredui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cnvfat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cofire.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cofiredm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\colbact.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\colorcpl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\colorui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\combase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comcat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comdlg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\compact.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CompMgmtLauncher.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CompPkgSup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\compstui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ComputerDefaults.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comrepl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comuid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ConfigureExpandedStorage.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\connect.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ConnectedAccountState.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ConsentUX.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\console.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\control.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\convert.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\correngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CredentialMigrationHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CredentialUIBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credwiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptcatsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptdlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CryptoWinRT.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\crypttpmeksvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptuiwizard.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptxml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CscMig.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CSystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ctfmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cttune.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cttunesvr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\C_G18030.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\C_IS2022.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\C_ISCII.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10core.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10level9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10_1core.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d11.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d8thk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_47.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dcsx_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx11_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dab.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dabapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DAConn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dafBth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DafPrintProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dafupnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dafWCN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dafWfdProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DAFWSD.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DAMM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DaOtpCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\das.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dasHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dataclen.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\datusage.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\davhlpr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dbgeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dbghelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dbnetlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dbnmpntw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dccw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dcomcnfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DDACLSys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ddodiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DDOIProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DDORes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ddpchunk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ddptrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ddputils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ddp_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ddraw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ddrawex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DefaultDeviceManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DefaultPrinterProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Defrag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\defragproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\defragsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\delegatorprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\desk.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\deskadp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\deskmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevDispItemProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\deviceaccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\deviceassociation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceDisplayStatusManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceDriverRetrievalClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceEject.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceElementSource.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceMetadataRetrievalClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevicePairing.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevicePairingFolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevicePairingProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevicePairingWizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceProperties.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\deviceregistration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceSetupManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceSetupManagerAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceUxRes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevPropMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devrtl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dfdts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DFDWiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dfp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DfpCommon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dfrgui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dfscli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DfsShlEx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcmonitor.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcore6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcsvc6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DHCPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DiagCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diagperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dialer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\difxapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dimsjob.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dinput.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dinput8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\discan.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskcomp.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskcopy.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskcopy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskpart.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskraid.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dispci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dispdiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dispex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Display.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DisplaySwitch.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\djoin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dllhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dllhst3g.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dlnashext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmdlgs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmdskmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmintf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmloader.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmocx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DMRServer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmsynth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmusic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmvdsitf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmview.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnscacheugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnsext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnshc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnsrslvr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\docprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\doskey.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3api.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3cfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Dot3Conn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3dlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3gpclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3gpui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3hc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3mm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3msm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3svc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3ui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpapimig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpapisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DpiScaling.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\driverquery.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drtprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drttransport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drvcfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drvinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drvstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsauth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DscCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DscCoreConfProv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsdmo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dskquota.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dskquoui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DsmUserTask.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsound.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsparse.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsquery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsrole.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dssec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dssenh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Dsui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsuiext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dswave.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dtsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dui70.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\duser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dvdplay.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dvdupgrd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwmredir.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DWWIN.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxdiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxdiagn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxgi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxgwdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DXP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxpps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Dxpserver.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DxpTaskSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxva2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Eap3Host.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eapp3hst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eappcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eappgnui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eapphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eappprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eapprovp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EAPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eapsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\easconsent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EaseOfAccessDialog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\easinvoker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\easinvoker.proxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\easwrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efsadu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efslsaext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efssvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efsui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efsutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efswrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EhStorAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EhStorAuthn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EhStorPwdMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EhStorShell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ELSCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\elshyph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\elslad.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\elsTrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\embeddedapplauncher.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EmbeddedAppLauncherConfig.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\encapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\energy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\energyprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\energytask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eqossnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\es.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\esent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\esentprf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\esentutl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eudcedit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EventAggregation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eventcls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eventcreate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eventvwr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\expand.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\extrac32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\E_GCINST.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\E_IBCBGCE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Faultrep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdBth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdBthProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FdDevQuery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdeploy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdPHost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdPnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdprint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FDResPub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdSSDP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdWCN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdWNet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdWSD.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\feclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhautoplay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhcat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhcleanup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhengine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhevents.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhlisten.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhmanagew.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhshl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhsrchapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhsrchph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhsvcctl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhtask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FileAppxStreamingDataSource.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\filemgmt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\find.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\findnetprinters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\findstr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\finger.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Firewall.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FirewallAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FirewallControlPanel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fltLib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fltMC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fmifs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fms.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Fondue.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fontext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fontview.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\forfiles.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\format.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fphc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\framedyn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\framedynos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\frprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fsavailux.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fsutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fsutilext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fthsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ftp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fundisc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fveapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fveapibase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fvecerts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fvecpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fvenotify.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fveprompt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fveskybackup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fveui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fvewiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fwcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSCOM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSCOMEX.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSCOMPOSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSCOVER.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSMON.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSROUTE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSST.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSSVC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXST30.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSTIFF.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSUNATD.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSUTILITY.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\g711codc.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gacinstall.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gameux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gcdef.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\GdiPlus.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\GeofenceMonitorService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\getmac.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\getuname.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\glcndFilter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\glmf32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\GlobCollationHost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\globinputhost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\glu32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpprefcl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpprnext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpresult.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gptext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpupdate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Groupinghc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\grpconv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hbaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hcproviders.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hdwwiz.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hdwwiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\help.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\HelpPaneProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hgcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hgprint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hhctrl.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hhsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hidphone.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hidserv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hnetcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hnetmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\HOSTNAME.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hotplug.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hotspotauth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\httpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\httpprxm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\httpprxp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\htui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hwrcomp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hwrreg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ias.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasads.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasdatastore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iashlpr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IasMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iaspolcy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasrad.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasrecst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iassam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iassdo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iassvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icacls.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icfupgd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icmui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IconCodecService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icsigd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icsunattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IdCtrls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IdListen.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\idndl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IDStore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ifmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ifsutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ifsutilx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igdDiag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IKEEXT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imaadp32.acm:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imagehlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imapi2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imapi2fs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\immersivetpmvscmgrsvr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetmib1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetpp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetppui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\InfDefaultInstall.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\input.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\InputSwitch.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inseng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\intl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ipconfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IPHLPAPI.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iphlpsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ipnathlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iprtprio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iprtrmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ipsecsnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ipsmsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\irclass.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\irftp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\irmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\irprops.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsicli.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsicpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsicpl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsidsc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsied.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsiexe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsium.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsiwmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsiwmiv2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\isoburn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\itircl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\itss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iuilp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iyuv_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\joy.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDAZE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDAZEL.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDAZST.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kbdgeoqw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KdsCli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kdusb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kd_02_8086.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\keepaliveprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kernel.appcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kernelceip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KeyboardFilterCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KeyboardFilterSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\keyiso.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\keymgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\klist.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kmddsp.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KMSVC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\korwbrkr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ksetup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kstvtune.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Kswdmcap.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ksxbar.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ktmutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ktmw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\l2gpstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\l2nacp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\L2SecHC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\l3codeca.acm:$CmdTcID
AlternateDataStreams: C:\Windows\system32\l3codecp.acm:$CmdTcID
AlternateDataStreams: C:\Windows\system32\label.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LangCleanupSysprepAction.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LAPRXY.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LaunchTM.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\linkinfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ListSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\livessp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LldpNotify.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lltdapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lltdsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lmhsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\loadperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\localsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\localui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LocationApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LocationNotifications.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Locator.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LockScreenContent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LockScreenContentHost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LockScreenContentServer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lodctr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\logagent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\loghours.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\logoff.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\logoncli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LogonUI.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpkinstall.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpksetup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpksetupproxyserv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpremove.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\luainstall.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Magnification.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Magnify.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\main.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaintenanceUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\makecab.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\manage-bde.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mapistub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MbaeApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MbaeApiPublic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MbaeParserTask.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MbaeXmlParser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mblctr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mbsmsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mbussdapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mcbuilder.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mciavi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mcicda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mciqtz32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mciseq.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mciwave.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\McxDriv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MDEServer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MDMAgent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mdminst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mdmregistration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MdRes.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MdSched.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MemoryDiagnostic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mf3216.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfAACEnc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfasfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfc42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfc42u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MFCaptureEngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfcsubs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfdvdec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfh264enc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MFMediaEngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfmjpegdec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfmp4srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfmpeg2srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfnetcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfnetsrc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MFPlay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfreadwrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfsvr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mftranscode.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mgmtapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mibincodec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\microsoft-windows-system-events.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MicrosoftAccountTokenProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\midimap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\migflt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\miguiresource.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mimefilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mimofcodec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MirrorDrvCompat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mispace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\miutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mlang.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmcbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmcico.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmcndmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmcshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmcss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MMDevAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmsys.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mobsync.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mode.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\modemui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\montr_ci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\more.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mountvol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Mpeg2Data.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mpg2splt.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mpnotify.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mpr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mprapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mprddm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mprdim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mprext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mprmsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MPSSVC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MRINFO.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MrmCoreR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MrmIndexer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaatext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSAC3ENC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msacm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msacm32.drv:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msadp32.acm:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msasn1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSAudDecMFT.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msauserext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mscandui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mscat32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msched.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSchedExe.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mscms.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msconfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctfime.ime:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsCtfMonitor.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctfui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctfuimanager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdadiag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdart.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdelta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdmo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdri.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdtc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdtckrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdtclog.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdtcprx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdtctm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdtcuiu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSDvbNP.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msg711.acm:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msgsm32.acm:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsiCofire.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msidcrl40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msident.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msidle.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msieftp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msiltcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msimg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msimtf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msinfo32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msisip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msiwer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mskeyprotcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mskeyprotect.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msls31.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSNP.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msoeacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msoert2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mspaint.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mspatcha.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mspatchc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msports.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msra.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrahc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrdc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrle32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msscntrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssha.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msshooks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssign32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssip32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssitlb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssphtb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssrch.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssvp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msTextPrediction.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msutb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcirt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcp60.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvfw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvidc32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSVideoDSP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvproc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSWB7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSWB70011.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSWB7001E.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSWB70404.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSWB70804.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mswmdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msyuv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mtstocom.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mtxclu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mtxdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mtxex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\muifontsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MUILanguageCleanup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MuiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MultiDigiMon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mycomput.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mydocs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Mystify.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\napdsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NapiNSP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\napipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NAPMONTR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NAPSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Narrator.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NaturalLanguage6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nbtstat.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NcaApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NcaSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncbservice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NcdAutoSetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NcdProp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncobjapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncpa.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncryptprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncryptsslp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncuprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nddeapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndfapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndfetw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndfhcdiscovery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndiscapCfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndishc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NdisImPlatform.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nduprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\negoexts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\net.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\net1.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netbios.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netbtugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netcenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netcfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netcorehc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netdiagfx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NetEvtFwdr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netiohlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netiougc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netjoin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netlogon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netman.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netplwiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Netplwiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netprofm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netprofmsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netprovisionsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NetSetupApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netsh.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netshell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NETSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nettrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NetVscCoinstall.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\networkexplorer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\networkitemfactory.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NetworkStatus.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\newdev.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\newdev.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ninput.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NL7Data0011.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NL7Data001E.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NL7Data0404.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NL7Data0804.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlahc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlhtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlmgp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlmsprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0000.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0002.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0003.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0007.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0009.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData000a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData000c.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData000d.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData000f.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0010.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0018.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData001a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData001b.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData001d.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0020.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0021.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0022.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0024.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0026.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0027.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData002a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0039.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData003e.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0045.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0046.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0047.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0049.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData004a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData004b.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData004c.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData004e.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0414.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0416.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0816.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData081a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0c1a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Nlsdl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsLexicons0009.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nltest.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\normaliz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\npmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nrpsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nshhttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nshipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nsisvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nslookup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntasn1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntdsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntlanman.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntlanui2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntmarta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntprint.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntshrui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvapi64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcompiler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcuda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcuvenc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcuvid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvd3dumx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvEncodeAPI64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NvFBC64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NvIFR64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NvIFROpenGL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvinitx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvoglshim64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvoglv64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvvsvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ocsetapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbc32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbcad32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbcbcp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbcconf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbcconf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbccp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbccr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbccu32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbctrac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OEMLicense.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\offfilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\offreg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ogldrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleacc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleacchooks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oledlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleprn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OnDemandConnRouteHelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\onex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\onexui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OobeFldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OpcServices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OpenCL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\openfiles.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\opengl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OpenWith.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OptionalFeatures.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\osbaseln.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OskSupport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\osuninst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\P2P.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\P2PGraph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\p2pnetsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\p2psvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PackageStateRoaming.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\panmap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PasswordOnWakeSettingFlyout.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PATHPING.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pautoenr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcacli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcaui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcaui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PCPKsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PCPTpm12.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcsvDevice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcwrun.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcwutl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pdhui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PeerDist.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PeerDistAD.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PeerDistCacheProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PeerDistCleaner.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PeerDistHttpTrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PeerDistSh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PeerDistSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PeerDistWSDDiscoProv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfctrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfdisk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfproc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PhotoMetadataHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PhotoScreensaver.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\photowiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PickerHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PING.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PkgMgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pla.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\plasrv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\playlistfolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PlaySndSrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PlayToDevice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PlayToManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PlayToStatusProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ploptin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pmcsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnidui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnpclean.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnppolicy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnpts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnpui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PnPUnattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PnPutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PNPXAssoc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PNPXAssocPrx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnrpauto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Pnrphc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnrpnsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnrpsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PortableDeviceApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PortableDeviceClassExtension.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PortableDeviceConnectApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PortableDeviceStatus.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PortableDeviceSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PortableDeviceTypes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PortableDeviceWiaCompat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PortableDeviceWMDRM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pots.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\powercfg.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\powercfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\powercpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\powrprof.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ppcsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PresentationSettings.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prevhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\print.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PrintBrmUi.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PrintDialogHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PrintDialogs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\printfilterpipelineprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\printfilterpipelinesvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PrintIsolationHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PrintIsolationProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\printui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\printui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prncache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prnfldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prnntfy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prntvpt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\procinst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvcext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\propsys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\proquota.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\provcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\provsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\provthrd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ProximityCommon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ProximityCommonPal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ProximityRtapiPal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ProximityService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ProximityServicePal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ProximityUxHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prvdmofcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psisdecd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psisrndr.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PSModuleDiscoveryProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psmsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pstask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pstorec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\puiapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\puiobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PurchaseWindowsLicense.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PurchaseWindowsLicense.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pwlauncher.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pwlauncher.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pwrshplugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pwsso.dll:$CmdTcID

Pumuckl57 · 12.01.2016, 09:40

Code:

ATTFilter

AlternateDataStreams: C:\Windows\system32\QAGENT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QAGENTRT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qappsrv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QCLIPROV.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qdv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qmgrprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qprocess.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QSHVHOST.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QSVRMGMT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Query.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\query.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\quser.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QUTIL.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qwave.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qwinsta.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RacEngn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\racpldlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\radardt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\radarrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RADCUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rapiproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rapistub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasadhlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasauto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasautou.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rascfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\raschap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\raschapext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasctrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rascustom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasdiag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasdial.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasdlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\raserver.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasgcw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasman.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasmans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasmbmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RASMM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasmontr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasmxs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasphone.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasplap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasppp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rastapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rastlsext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdbui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcfgex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpclip.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpencom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpendp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpinput.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RdpSa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RdpSaProxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RdpSaPs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RdpSaUacHelper.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdrleakdiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RDSAppXHelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdsdwmdr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RDSPnf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdvvmtransport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ReAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ReAgentc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ReAgentTask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\recimg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\recover.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\recovery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RecoveryDrive.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\reg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\regapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RegCtrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\regedt32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\regidle.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\regini.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Register-CimProvider.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\regsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\regsvr32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ReInfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rekeywiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RelPost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\remotepg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\remotesp.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RemoveDeviceContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RemoveDeviceElevated.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\repair-bde.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\replace.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\reset.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\reseteng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\resmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RestoreOptIn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\resutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rfxvmt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rgb9rast.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Ribbons.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\riched20.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\riched32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RMActivate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RMActivate_isv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RMActivate_ssp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RMActivate_ssp_isv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RMapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RmClient.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rmttpmvscmgrsvr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rnr20.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RoamingSecurity.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Robocopy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RotMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ROUTE.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RpcEpMap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RpcNs4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpcnsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RpcPing.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RpcRtRemote.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpcss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rsaenh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rshx32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RstrtMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rtffilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rtm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtNicProp64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rtutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTWorkQ.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\runas.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rundll32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RunLegacyCPLElevated.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\runonce.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RuntimeBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rwinsta.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\samcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\samlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\samsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sas.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sbe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sbeio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scansetting.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SCardDlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SCardSvr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scavengeui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sccls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ScDeviceEnum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scecli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schedcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schtasks.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scksp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scripto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scrnsave.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scrobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scrptadm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scrrun.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdchange.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdclt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdhcinst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdiageng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdiagnhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdiagprv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdiagschd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdohlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SearchFilterHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SearchFolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SearchIndexer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SearchProtocolHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SecEdit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secproc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secproc_isv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secproc_ssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secproc_ssp_isv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sendmail.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Sens.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SensApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SensorsApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SensorsClassExtension.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SensorsCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sensrsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\serialui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\serwvdrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SessEnv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sessionmsg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sethc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SetNetworkLocation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SetProxyCredential.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setspn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SettingMonitor.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SettingsHandlers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SettingSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SettingSyncCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SettingSyncHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SettingSyncPolicy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setupapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setupcln.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setupugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setx.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sfc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sfc_os.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sharemediacpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SHCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shdocvw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shfolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shgina.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shimgvw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shlwapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shpafact.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shrpubw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shunimpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shutdown.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shwebsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\signdrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sigverif.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SimAuth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SimCfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sisbkup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SkyDrive.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SkyDriveShell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SkyDriveTelemetry.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SlideToShutDown.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\slpts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SmartcardCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SmartCardSimulator.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SmartScreenSettings.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SMBHelperClass.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\smbwmiv2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\smphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SmsDeviceAccessRevocation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SMSRouter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SndVol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SndVolSSO.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SnippingTool.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\snmpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\snmptrap.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SNTSearch.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\softkbd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\softpub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sort.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SortServer2003Compat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SortWindows61.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SortWindows6Compat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SoundRecorder.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SpaceAgent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SpaceControl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spbcd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spfileq.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SPInf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spmpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spoolss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spoolsv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spopk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sppnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sppobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sppsvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sppwinob.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwinsat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwizeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqlcecompact40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqlceoledb40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqlceqp40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqlcese40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqlsrv32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srchadmin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SRH.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srhelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srmclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srmscan.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srmshell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srmstormod.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srmtrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srm_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SrpUxNativeSnapIn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srrstr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SrTasks.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srumapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srumsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srvcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srvsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srwmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sscoreext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ssdpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ssdpsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SSShim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ssText3d.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sstpsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\st646496.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\stapi64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\stapo64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Startupscan.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\stclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sti.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\StikyNot.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sti_ci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\stobject.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\StorageContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\storagewmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\storagewmi_passthru.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\storewuauth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Storprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\StorSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\streamci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SubscriptionMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\subst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sud.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\svchost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\svsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\swprv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sxproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sxs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sxshared.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sxssrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sxsstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sxstrace.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\synceng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncEngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncHostps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncInfrastructure.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncInfrastructureps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Syncreg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\syncui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysclass.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysdm.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\syskey.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysmon.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysntfy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SysResetErr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\syssetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\systemcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemEventsBrokerServer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\systeminfo.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesAdvanced.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesComputerName.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesHardware.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesPerformance.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesProtection.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesRemote.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\systemreset.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemSettings.Handlers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemSettingsAdminFlows.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemSettingsDatabase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemSettingsRemoveDevice.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\systray.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\t2embed.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Tabbtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TabbtnEx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tabcal.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TabletPC.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TabSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\takeown.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tapi3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tapilua.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TapiMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tapiperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tapisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TapiSysprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TapiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskbarcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskeng.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskhostex.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskkill.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tasklist.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Taskmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskschd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TaskSchdPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tbs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tcmsetup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tcpipcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TcpipSetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tcpmib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tcpmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tcpmonui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TCPSVCS.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tdc.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\telephon.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\termmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TetheringIeProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TetheringMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TetheringStation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\themecpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\themeservice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\themeui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\threadpoolwinrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\thumbcache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ThumbnailExtractionHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TimeBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TimeBrokerServer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\timedate.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TimeDateMUICallback.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\timeout.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TimeSyncTask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tlscsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tpmcompc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TpmInit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TpmTasks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tpmvsc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tpmvscmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tpmvscmgrsvr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tquery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TRACERT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\traffic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tree.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\trkwks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsbyuv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tscfgwmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSChannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tscon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsdiscon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tskill.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsmf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSTheme.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TtlsAuth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TtlsCfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TtlsExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tvratings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\twext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\twinapi.appcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\twinapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\twinui.appcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\twinui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\txflog.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\txfw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tzsync.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tzutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ucmhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ucrtbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\udhisapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uDWM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uexfat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ufat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UI0Detect.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UIAutomationCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uicom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uireng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UIRibbon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UIRibbonRes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ulib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umdmxfrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umpnpmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umpo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umpoext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umpowmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umrdp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\unattend.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\unimdm.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\system32\unimdmat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uniplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\unlodctr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\unregmp2.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\untfs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\upnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\upnpcont.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\upnphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ureg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usbceip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usbmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usbperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usbui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UserAccountBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UserAccountControlSettings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UserAccountControlSettings.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usercpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\userenv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\userinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\userinitext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UserLanguageProfileCallback.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UserLanguagesCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ustprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\utildll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Utilman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uudf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uxlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uxtheme.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VAN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Vault.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vaultcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VaultCmd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VaultRoaming.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vaultsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VBICodec.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbisurf.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vds.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vdsbas.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vdsdyn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vdsldr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vdsutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vdsvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vds_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\verclsid.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\verifier.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\verifier.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\version.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vfwwdm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vidcap.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\virtdisk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VmApplicationHealthMonitorProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vmbuspipe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VmdCoinstall.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vmictimeprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vmrdvcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vpnike.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vpnikeapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VscMgrPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vssadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vssapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vsstrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VSSVC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vss_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\w32time.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\w32tm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\w32topl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WABSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\waitfor.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WallpaperHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WavDest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wavemsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wbadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wbemcomn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wbengine.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wbiosrvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wcescommproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wcmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wcmcsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wcmsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WcnApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wcncsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WcnEapAuthProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WcnEapPeerProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WcnNetsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wcnwiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WcsPlugInService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01011.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdiasqmmodule.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdmaud.drv:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WebcamUi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webservices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Websocket.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wecapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wecsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wecutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wephostsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\werconcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wercplsupport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WerFault.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WerFaultSecure.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wermgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wersvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\werui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wevtapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wevtfwd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wevtsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wevtutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wfapigp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wfdprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WfHC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WFS.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\where.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\whhelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\whoami.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiaacmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiaaut.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiadefui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiadss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiarpc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiascanprofiles.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiaservc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiashext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiatrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WiFiDisplay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wimgapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wimserv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winbici.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winbio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winbrand.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wincorlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Store.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Data.Pdf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Background.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Background.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Bluetooth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Custom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Custom.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Enumeration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Enumeration.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Geolocation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.PointOfService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Portable.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Printers.Extensions.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Scanners.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Sensors.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.SmartCards.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Usb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Globalization.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Globalization.Fontgroups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Graphics.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Graphics.Printing.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\windows.immersiveshell.serviceprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Media.Devices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Media.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Media.MediaControl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Media.Renewal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Media.SpeechSynthesis.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Media.Streaming.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Media.Streaming.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.Connectivity.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.HostName.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.Proximity.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.Vpn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Storage.ApplicationData.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Storage.Compression.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.System.Display.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.System.Profile.HardwareId.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.System.RemoteDesktop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.UI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.UI.Immersive.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.UI.Input.Inking.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.UI.Search.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Web.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Web.Http.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecsExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\windowslivelogin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winethc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinFax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininitext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Winlangdb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winlogonext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winmde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winmm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winmmbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinMsoIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winnsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinOpcIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winrnr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winrs.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winrscmd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winrshost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winrssrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinRtTracing.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSAT.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSATAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSCard.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winshfhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsku.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsockhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winspool.drv:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WINSRPC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSyncMetastore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSyncProviders.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinTypes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winusb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winver.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wisp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\witnesswmiv2provider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wkscli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wkspbroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wkspbrokerAx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wkssvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlancfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WLanConn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlandlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanext.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlangpui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WLanHC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanhlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlaninst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WlanMM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanmsm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanpref.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WlanRadioManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlansec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlansvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlansvcpal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Wldap32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wldp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlgpclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlidcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlidcredprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlidfdp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlidnsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlidprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlidsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlrmdr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WlS0WndH.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMASF.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmcodecdspps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmcoinst-070531-0952.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmdmlog.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmdmps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmdrmdev.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmdrmnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmiclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmicmiplugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmidcom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmidx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmiprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmitomi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMNetMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMPDMC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WmpDui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmpdxm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmpeffects.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmpps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmpshell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmsgapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVCORE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmvdspa.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WofTasks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WofUtil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\workerdd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WorkFolders.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WorkfoldersControl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WorkFoldersGPExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WorkFoldersShell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\workfolderssvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wowreg32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Wpc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpccpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WpcMon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WpcWebSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpdbusenum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WPDShextAutoplay.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WPDShServiceObj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WPDSp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpd_ci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpnapps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpncore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpninprc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpnpinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpnprv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpnsruprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\write.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ws2help.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscinterop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscisvif.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSCollect.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscui.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSDApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsdchngr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSDMon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSDPrintProxy.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSDScanProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsecedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsepno.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshbth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshcon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wship6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshirda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshnetbs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshqos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSHTCPIP.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsmplpxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsmprovhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsnmp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsock32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsqmcons.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSReset.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSShared.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSTPager.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wtsapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFCoinstaller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFPlatform.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFx02000.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wusa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUSettingsProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WwaApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WWAHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WWanAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwancfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwanconn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WWanHC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwaninst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwanmm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Wwanpref.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwanprotdim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WwanRadioManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwansvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xcopy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XInput1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XInput9_1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xmlfilter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xmllite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xmlprovi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xolehlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XpsFilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XpsGdiConverter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XpsPrint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XpsRasterService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xpsrchvw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xpsservices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XPSSHHDR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xpssvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xwizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xwizards.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xwreg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xwtpdui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xwtpw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\zipfldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\accessibilitycpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\acledit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\aclui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\acppage.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ActionCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ActionCenterCPL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\activeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AdmTmpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adrclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adsldp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adsldpc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adsnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\advpack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amstream.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Apphlpdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AppIdPolicyEngineApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appmgmts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apprepapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apprepsync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appwiz.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AppxAllUserStore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AppxApplicabilityEngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AppXDeploymentClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AppxPackaging.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AppxSip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ARP.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\aspnet_counters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\at.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AtBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atlthunk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\attrib.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\audiodev.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuditNativeSnapIn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuditPolicyGPInterop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuthBroker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuthExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\authfwcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuthFWGP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuthFWSnapin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuthFWWizFwk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\authz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\autoconv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\autoplay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\avicap32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\avifil32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\avrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\azroles.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\azroleui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AzSqlExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\backgroundTaskHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BackgroundTransferHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\basecsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\batmeter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bcd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BCP47Langs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bcrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bdaplgin.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bidispl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BioCredProv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\biwinrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BluetoothApis.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bootcfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\browcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\browseui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bthprops.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bthudtask.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\btpanui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Bubbles.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BWContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ByteCodeGenerator.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cabinet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cabview.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cacls.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\calc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CallButtons.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CallButtons.ProxyStub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CameraSettingsUIHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\capisp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\catsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\catsrvps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cca.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cdosys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certca.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certCredProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certenc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CertEnroll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CertEnrollCtrl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CertEnrollUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CertPolEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certreq.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ceutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cfgbkend.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cfgmgr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cfmifs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cfmifsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\chartv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\chcp.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CheckNetIsolation.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\chkdsk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\chkntfs.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\choice.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CHxReadingStringIME.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cipher.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clbcatq.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cleanmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cliconfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cliconfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clip.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CloudNotifications.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CloudStorageWizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clusapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmcfg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmdext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmdial32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmdkey.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmdl32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmifw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmlua.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmmon32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmpbk32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmstp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmstplua.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cngcredui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cnvfat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\colbact.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\colorcpl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\colorui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\combase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comcat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comdlg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\compact.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CompPkgSup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\compstui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ComputerDefaults.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comrepl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comuid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\connect.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ConnectedAccountState.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\console.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\control.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\convert.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CredentialMigrationHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CredentialUIBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credwiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptdlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CryptoWinRT.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\crypttpmeksvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptuiwizard.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptxml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cscapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cscdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cscobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ctfmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cttune.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cttunesvr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\C_G18030.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\C_IS2022.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\C_ISCII.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10core.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10level9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10_1core.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d11.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d8thk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_47.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dim700.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dramp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dxof.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dabapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DafPrintProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DaOtpCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dataclen.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\davhlpr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dbgeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dbghelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dbnetlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dbnmpntw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dccw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dcomcnfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DDACLSys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ddodiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DDOIProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DDORes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ddraw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ddrawex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DefaultDeviceManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DefaultPrinterProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\delegatorprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\desk.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\deskadp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\deskmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DevDispItemProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\deviceaccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\deviceassociation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DeviceCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DeviceDisplayStatusManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DevicePairing.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DevicePairingFolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DevicePairingProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DevicePairingWizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DeviceProperties.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DeviceUxRes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devrtl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dfrgui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dfscli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DfsShlEx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcmonitor.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcsvc6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DHCPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dialer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\difxapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dimsjob.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dinput.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dinput8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskcomp.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskcopy.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskcopy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskpart.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskraid.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dispex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Display.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DisplaySwitch.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dllhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dllhst3g.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dlnashext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmband.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmcompos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmdlgs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmdskmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmime.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmintf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmloader.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmocx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmstyle.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmsynth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmusic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmvdsitf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmview.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dnsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\docprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\doskey.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3api.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3cfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3dlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3gpclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3gpui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3hc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3msm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3ui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpapimig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DpiScaling.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dplaysvr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dplayx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpmodemx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpwsockx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\driverquery.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drtprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drttransport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drvinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drvstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsauth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsdmo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dskquota.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dskquoui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsound.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsparse.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsquery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsrole.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dssec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dssenh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Dsui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsuiext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dswave.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dtsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dui70.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\duser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dvdplay.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dvdupgrd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DWWIN.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxdiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxdiagn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxgi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DxpTaskSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxva2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eapp3hst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eappcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eappgnui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eapphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eappprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eapprovp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EAPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EaseOfAccessDialog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\easwrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\efsadu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\efscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\efsui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\efsutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\efswrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EhStorAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EhStorAuthn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EhStorPwdMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ELSCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\elshyph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\elslad.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\elsTrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\encapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eqossnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\es.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\esent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\esentprf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\esentutl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eudcedit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eventcls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eventcreate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eventvwr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\expand.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\extrac32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Faultrep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdBth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdBthProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FdDevQuery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdeploy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdPnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdprint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdSSDP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdWCN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdWNet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdWSD.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\feclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\filemgmt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\find.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\findnetprinters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\findstr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\finger.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FirewallAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FirewallControlPanel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fltLib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fltMC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fmifs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fms.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Fondue.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontview.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\forfiles.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\format.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fphc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\framedyn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\framedynos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\frprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fsutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fsutilext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ftp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fundisc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fwcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FXSAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FXSCOM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FXSCOMEX.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FXSEXT32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FXSXP32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\g711codc.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gameux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gcdef.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\GdiPlus.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\GeofenceMonitorService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\getmac.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\getuname.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\glcndFilter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\glmf32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\GlobCollationHost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\globinputhost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\glu32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpprefcl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpprnext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpresult.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gptext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpupdate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\grpconv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hbaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hcproviders.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hdwwiz.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hdwwiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\help.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\HelpPaneProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hgcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hh.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hhctrl.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hhsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hidphone.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hidserv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hnetcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hnetmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\HOSTNAME.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\httpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\htui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ias.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasads.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasdatastore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iashlpr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IasMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iaspolcy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasrad.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasrecst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iassam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iassdo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iassvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icacls.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iccvid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icmui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IconCodecService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icsigd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icsunattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IdCtrls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\idndl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IDStore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ifmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ifsutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ifsutilx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imaadp32.acm:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imagehlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imapi2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imapi2fs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetmib1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\InfDefaultInstall.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\InputSwitch.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\intl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ipconfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IPHLPAPI.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iprtprio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iprtrmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ipsecsnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ipsmsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir32_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir41_32.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir41_qc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir41_qcx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir50_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir50_qc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir50_qcx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\irclass.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\irprops.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsicli.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsicpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsicpl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsidsc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsied.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsium.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsiwmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsiwmiv2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\isoburn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\itircl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\itss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iyuv_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\joy.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDAZE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDAZEL.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDAZST.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kbdgeoqw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kernel.appcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KeyboardFilterCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\keyiso.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\keymgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kmddsp.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\korwbrkr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kstvtune.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Kswdmcap.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ksxbar.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ktmutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ktmw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\l2gpstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\l2nacp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\L2SecHC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\l3codeca.acm:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\l3codecp.acm:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\label.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\LAPRXY.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\LaunchTM.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\linkinfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\loadperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\localsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\LocationApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\LocationNotifications.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lodctr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\logagent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\loghours.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\logoncli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lsmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\luainstall.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Magnification.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Magnify.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\main.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\makecab.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MbaeApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MbaeApiPublic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mbsmsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mbussdapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mcbuilder.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mciavi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mcicda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mciqtz32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mciseq.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mciwave.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mdminst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mdmregistration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mf3216.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfAACEnc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfasfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc42u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MFCaptureEngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfcsubs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfdvdec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfh264enc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MFMediaEngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfmjpegdec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfmp4srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfnetcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfnetsrc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MFPlay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfreadwrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfsvr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mftranscode.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mgmtapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mibincodec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MicrosoftAccountTokenProvider.dll:$CmdTcID

Pumuckl57 · 12.01.2016, 09:41

Code:

ATTFilter

AlternateDataStreams: C:\Windows\SysWOW64\midimap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\miguiresource.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mimefilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mimofcodec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MirrorDrvCompat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mispace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\miutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mlang.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmcbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmcico.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmcndmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmcshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MMDevAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmsys.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mobsync.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mode.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\modemui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\more.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mountvol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Mpeg2Data.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mpg2splt.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mpr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mprapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mprddm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mprdim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mprext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mprmsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MRINFO.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MrmCoreR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MrmIndexer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaatext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSAC3ENC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msacm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msacm32.drv:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msadp32.acm:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msasn1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSAudDecMFT.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscandui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscat32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscms.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscpxl32.dLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctfime.ime:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MsCtfMonitor.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctfui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctfuimanager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdadiag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdart.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdelta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdmo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdtcprx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdtcuiu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSDvbNP.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msftedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msg711.acm:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msgsm32.acm:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msidcrl40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msident.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msidle.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msieftp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msiltcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msimg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msimtf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msinfo32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msisip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msiwer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mskeyprotcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mskeyprotect.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msls31.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSNP.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msoeacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msoert2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mspaint.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mspatcha.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mspatchc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msports.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msra.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrdc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrle32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msscntrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msscript.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssha.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msshooks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssign32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssip32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssitlb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MsSpellCheckingFacility.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MsSpellCheckingHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssphtb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssrch.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssvp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msutb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcirt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcp60.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvfw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvidc32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSVideoDSP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvproc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSWB7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSWB70011.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSWB7001E.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSWB70404.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSWB70804.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mswmdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mswsock.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msyuv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtstocom.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtxclu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtxdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtxex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtxlegih.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\muifontsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MuiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mycomput.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mydocs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Mystify.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\napdsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NapiNSP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\napipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NAPMONTR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NAPSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Narrator.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NaturalLanguage6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NcaApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NcdProp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncobjapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncpa.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncryptprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncryptsslp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nddeapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndfapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndfetw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndfhcdiscovery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndiscapCfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndishc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\negoexts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\net.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\net1.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netbios.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netbtugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netcenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netcorehc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netdiagfx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netiohlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netiougc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netjoin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netlogon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netplwiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Netplwiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netprofm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netprovisionsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netsh.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netshell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NETSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\networkexplorer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\networkitemfactory.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\newdev.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\newdev.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ninput.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NL7Data0011.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NL7Data001E.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NL7Data0404.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NL7Data0804.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlhtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlmgp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlmsprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0000.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0002.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0003.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0007.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0009.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData000a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData000c.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData000d.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData000f.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0010.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0018.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData001a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData001b.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData001d.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0020.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0021.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0022.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0024.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0026.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0027.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData002a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0039.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData003e.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0045.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0046.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0047.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0049.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData004a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData004b.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData004c.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData004e.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0414.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0416.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0816.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData081a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0c1a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Nlsdl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsLexicons0009.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\normaliz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\npmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nshhttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nshipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nslookup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntasn1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntdsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntlanman.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntlanui2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntmarta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntprint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntprint.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntshrui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvd3dum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NvIFROpenGL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvinit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvoglshim32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvoglv32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvopencl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvumdshim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvwgf2um.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\objsel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ocsetapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbc32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcad32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcbcp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcconf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcconf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbccp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbccr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbccu32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcji32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcjt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbctrac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oddbse32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odexl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odfox32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odpdx32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odtext32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OEMLicense.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\offfilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\offreg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ogldrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleacc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleacchooks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\olecli32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oledlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleprn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\olepro32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\olesvr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\olethk32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OnDemandConnRouteHelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\onex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\onexui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OobeFldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OpcServices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OpenCL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\openfiles.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\opengl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OpenWith.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\osbaseln.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\osk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OskSupport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\osuninst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\P2P.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\P2PGraph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\p2pnetsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PackageStateRoaming.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\panmap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PasswordOnWakeSettingFlyout.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PATHPING.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pautoenr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pcacli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pcaui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pcaui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PCPKsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PCPTpm12.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pdhui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PeerDist.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PeerDistSh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfctrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfdisk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfproc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PhotoMetadataHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PhotoScreensaver.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\photowiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PickerHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PING.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PkgMgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pla.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\playlistfolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PlaySndSrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PlayToDevice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PlayToManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PlayToStatusProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pnrpnsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\polstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceClassExtension.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceConnectApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceStatus.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceTypes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceWiaCompat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceWMDRM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pots.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\powercfg.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\powercfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\powercpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\powrprof.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prevhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\print.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PrintConfig.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PrintDialogs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\printui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\printui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prncache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prnfldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prnntfy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prntvpt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\profapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\profext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\propsys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\proquota.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\provcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\provsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\provthrd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ProximityCommon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ProximityCommonPal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ProximityRtapiPal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prvdmofcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\psapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\psisdecd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\psisrndr.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PSModuleDiscoveryProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\psr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pstorec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\puiapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\puiobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pwrshplugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\QAGENT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\QCLIPROV.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qdv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qmgrprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\QSHVHOST.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\QSVRMGMT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Query.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\QUTIL.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qwave.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RacEngn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\racpldlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\radardt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\radarrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RADCUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rapiproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rapistub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasadhlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasautou.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rascfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\raschap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\raschapext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasctrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasdiag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasdial.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasdlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\raserver.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasgcw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasman.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasmontr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasmxs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasphone.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasplap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasppp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rastapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rastlsext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdpencom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdpendp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RdpSa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RdpSaProxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RdpSaPs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RdpSaUacHelper.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdrleakdiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdvvmtransport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ReAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ReAgentc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\recover.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\reg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\regapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RegCtrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\regedit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\regedt32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\regini.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Register-CimProvider.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\regsvr32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ReInfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rekeywiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\remotepg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\remotesp.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RemoveDeviceContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RemoveDeviceElevated.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\replace.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\resmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RestoreOptIn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\resutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rgb9rast.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Ribbons.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\riched20.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\riched32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_isv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RmClient.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rnr20.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Robocopy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ROUTE.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RpcNs4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rpcnsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RpcPing.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RpcRtRemote.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rsaenh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rshx32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RstrtMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rtffilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rtm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rtutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RTWorkQ.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\runas.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rundll32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RunLegacyCPLElevated.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\runonce.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\samcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\samlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sas.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sbe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sbeio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scansetting.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SCardDlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scecli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schedcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schtasks.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scksp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scripto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scrnsave.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scrobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scrptadm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scrrun.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdchange.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdiageng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdiagnhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdiagprv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdohlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SearchFilterHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SearchFolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SearchIndexer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SearchProtocolHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SecEdit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secproc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secproc_isv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp_isv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sendmail.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SensApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SensorsApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SensorsCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\serialui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\serwvdrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SessEnv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sethc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SettingMonitor.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SettingSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncPolicy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setupapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setupcln.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setupugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setx.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sfc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sfc_os.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SHCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shdocvw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shfolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shgina.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shimgvw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shlwapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shpafact.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shrpubw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shunimpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shutdown.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shwebsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\signdrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SimAuth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SimCfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sisbkup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SkyDriveShell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\slpts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SmartScreenSettings.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SMBHelperClass.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\smphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SndVol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SndVolSSO.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\snmpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\softkbd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\softpub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sort.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SortServer2003Compat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SortWindows61.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SortWindows6Compat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spbcd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spfileq.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SPInf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spopk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwinsat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwizeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqlcecompact40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqlceoledb40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqlceqp40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqlcese40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqlsrv32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srchadmin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SRH.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srmclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srmscan.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srmshell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srmstormod.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srmtrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srm_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SrpUxNativeSnapIn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srumapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srumsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srvcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ssdpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SSShim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ssText3d.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Startupscan.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\stclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sti.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\stobject.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\StorageContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\storagewmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\storagewmi_passthru.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Storprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\StorSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\StructuredQuery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\subst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sud.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\svchost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sxproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sxs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sxshared.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sxsstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sxstrace.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SyncCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\synceng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SyncHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SyncHostps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SyncInfrastructure.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SyncInfrastructureps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Syncreg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\syncui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sysdm.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\syskey.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sysmon.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\syssetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\systemcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\systeminfo.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesComputerName.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesHardware.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesPerformance.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesProtection.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesRemote.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\systray.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\t2embed.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\takeown.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tapi3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TapiMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tapiperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tapisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TapiSysprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TapiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\taskcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\taskeng.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\taskkill.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tasklist.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Taskmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\taskschd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TaskSchdPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tbs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tcmsetup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tcpipcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tcpmib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tcpmonui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TCPSVCS.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tdc.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\telephon.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\termmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\themecpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\themeui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\threadpoolwinrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\thumbcache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ThumbnailExtractionHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TimeBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\timedate.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TimeDateMUICallback.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\timeout.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tlscsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tpmcompc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TpmInit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tquery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TRACERT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\traffic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tree.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tsbyuv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSChannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tsmf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSTheme.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSWorkspace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TtlsAuth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TtlsCfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TtlsExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tvratings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\twext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\twinapi.appcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\twinapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\twinui.appcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\twinui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\txflog.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\txfw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tzutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ucmhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ucrtbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\udhisapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uexfat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ufat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UIAnimation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UIAutomationCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uicom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uireng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UIRibbon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UIRibbonRes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ulib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\umdmxfrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\unimdm.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\unimdmat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uniplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\unlodctr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\unregmp2.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\untfs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\upnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\upnpcont.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\upnphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ureg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usbceip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usbperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usbui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UserAccountBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UserAccountControlSettings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UserAccountControlSettings.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usercpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\userenv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\userinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\userinitext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UserLanguageProfileCallback.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UserLanguagesCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ustprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\utildll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Utilman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uudf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uxlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uxtheme.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\VAN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Vault.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vaultcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\VBICodec.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbisurf.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vdmdbg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vds_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\verclsid.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\verifier.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\verifier.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\version.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vfwwdm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vidcap.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\virtdisk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vpnikeapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\VscMgrPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vssadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vssapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vsstrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vss_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\w32tm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\w32topl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WABSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\waitfor.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wavemsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wbemcomn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wcescommproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wcmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WcnApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wcnwiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WcsPlugInService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdmaud.drv:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WebcamUi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\webio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\webservices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Websocket.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wecapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wecutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WerFault.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WerFaultSecure.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wermgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\werui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wevtapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wevtfwd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wevtutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wfapigp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wfdprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WfHC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\where.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\whhelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\whoami.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiaacmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiaaut.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiadefui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiadss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiascanprofiles.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiashext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiatrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wimgapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winbio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winbrand.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wincorlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wincredprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Background.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Background.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Custom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Custom.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Enumeration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Enumeration.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Geolocation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Portable.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Printers.Extensions.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Globalization.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Globalization.Fontgroups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Graphics.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Devices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.SpeechSynthesis.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Streaming.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Proximity.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Storage.Compression.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.Display.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.Profile.HardwareId.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.RemoteDesktop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Search.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Web.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Web.Http.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecsExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\windowslivelogin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinFax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winhttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininitext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Winlangdb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winmde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winmm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winmmbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinMsoIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winnsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinOpcIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winrnr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winrs.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winrscmd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winrshost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winrssrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinRtTracing.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinSATAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinSCard.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winshfhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winsku.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winsockhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winspool.drv:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WINSRPC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinSyncMetastore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinSyncProviders.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinTypes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winusb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winver.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wisp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wkscli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wkspbrokerAx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlancfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WLanConn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlandlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanext.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlangpui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanhlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlaninst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WlanMM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanmsm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanpref.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlansec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Wldap32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlgpclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlidcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlidcredprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlidfdp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlidnsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlidprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WlS0WndH.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMASF.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmcodecdspps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmdmlog.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmdmps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmdev.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmiclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmidcom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmidx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmiprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmitomi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMNetMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMPDMC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WmpDui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmpdxm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmpeffects.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmpps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmpshell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmsgapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVCORE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmvdspa.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wowreg32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Wpc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WPDShextAutoplay.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WPDShServiceObj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WPDSp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wpnapps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\write.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ws2help.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscinterop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscisvif.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscui.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSDApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsdchngr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsecedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshbth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshcon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wship6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshirda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshqos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSHTCPIP.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsmplpxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsmprovhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsnmp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsock32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSShared.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSTPager.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wtsapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wusa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WwaApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WWAHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WWanAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wwapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xcopy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XInput1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XInput9_1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xmlfilter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xmllite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xmlprovi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xolehlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XpsFilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XpsGdiConverter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XpsPrint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XpsRasterService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xpsrchvw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xpsservices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XPSSHHDR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xpssvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xwizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xwizards.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xwreg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xwtpdui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xwtpw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\zipfldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\a38ccid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\acpi.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\agilevpn.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ahcache.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\bridge.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\bthhfenum.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Classpnp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\clfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\csc.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dumpsd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\EsgScanner.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\fltMgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\fsdepends.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\hidbth.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\i8042prt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\iaStorA.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\intelpep.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\kbdclass.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\kbdhid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mouclass.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mouhid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mpsdrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mslldp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ndiscap.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\NdisImPlatform.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ndistapi.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ndproxy.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Ndu.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\netbios.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\netvsc63.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nsiproxy.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvlddmkm.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nwifi.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\pacer.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\pdc.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\qwavedrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rasacd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rasl2tp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rassstp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\refs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rootmdm.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Rt630x64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\scfilter.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\sdbus.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\sermouse.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\spaceport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\storvsp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\stwrt64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\swenum.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tbs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\TeeDriverx64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tpm.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbGD.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tunnel.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\UCX01000.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\udfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbcir.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbhub.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\USBHUB3.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbohci.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbuhci.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\USBXHCI.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vhdmp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vmbkmcl.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vmbus.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vmstorfl.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vpci.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wanarp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WdBoot.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WdFilter.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WdNisDrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wfplwfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wimmount.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\winhv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wpcfltr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WUDFPf.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WUDFRd.sys:$CmdTcID
AlternateDataStreams: C:\Users\Stefan\dxazlfq.exe:$CmdTcID
AlternateDataStreams: C:\Users\Stefan\dxfgihc.exe:$CmdTcID
AlternateDataStreams: C:\Users\Stefan\dxzyeqt.exe:$CmdTcID
AlternateDataStreams: C:\Users\Stefan\Downloads\esetsmartinstaller_deu.exe:$CmdTcID
AlternateDataStreams: C:\Users\Stefan\Downloads\esetsmartinstaller_deu.exe:$CmdZnID
AlternateDataStreams: C:\Users\Stefan\Downloads\Filme_Agatha Christie-Toedliche Safari-1989-Filmklassisker.nzb:$CmdZnID
AlternateDataStreams: C:\Users\Stefan\Downloads\Filme_Der Eiserne Ritter Von Falworth (1954) AVI.nzb:$CmdZnID
AlternateDataStreams: C:\Users\Stefan\Downloads\Filme_Die.Prinzessin.mit.dem.goldenen.Stern (1959) CSSR DEFA.nzb:$CmdZnID
AlternateDataStreams: C:\Users\Stefan\Downloads\TV_17.000.Kilometer.Kanada.E01.Kaempfen.Jagen.Ueberleben.German.DOKU.WS.HDTVRip.x264-OMGtv.nzb:$CmdZnID
AlternateDataStreams: C:\Users\Stefan\Downloads\TV_Crazy.Food.Die.verruecktesten.Restaurants.der.Welt.S01E02.GERMAN.DOKU.HDTV.x264-KiTCHEN.nzb:$CmdZnID
AlternateDataStreams: C:\Users\Stefan\Downloads\TV_Das.Raetsel.der.Spider.Rocks.GERMAN.DOKU.720p.WebRip.x264-BTVG.nzb:$CmdZnID
AlternateDataStreams: C:\Users\Stefan\Downloads\TV_Die.Bergung.der.Costa.Concordia.German.DOKU.720p.HDTV.x264-UTOPiA.nzb:$CmdZnID
AlternateDataStreams: C:\Users\Stefan\Downloads\TV_Drogen.im.Visier.S07E04.Spring.Break.Deals.GERMAN.DOKU.HDTVRip.x264-MDGP.nzb:$CmdZnID
AlternateDataStreams: C:\Users\Stefan\Downloads\TV_Entfuehrt.im.Irak.311.Tage.Nervenkrieg.German.DOKU.720p.HDTV.x264-UTOPiA.nzb:$CmdZnID
AlternateDataStreams: C:\Users\Stefan\Downloads\TV_Faszination.Kanada.E01.Die.Arktis.Expedition.in.die.Nordwestpassage.GERMAN.DOKU.WS.HDTVRip.x264-TMSF.nzb:$CmdZnID
AlternateDataStreams: C:\Users\Stefan\Downloads\TV_Mountain.Men.-.Ueberleben.in.der.Wildnis.S04E08.Ausgehungert.GERMAN.DOKU.HDTVRip.x264-RiO.nzb:$CmdZnID
AlternateDataStreams: C:\Users\Stefan\Downloads\TV_Revolverhelden.Legenden.des.Wilden.Westens.S02E03.Bat.Masterson.GERMAN.DOKU.HDTVRip.x264-MDGP.nzb:$CmdZnID

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\Control Panel\Desktop\\Wallpaper -> E:\Foto Family E\Simon 07.10.2015. 10.01, 3.630g\P1080620.JPG
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
HKLM\...\StartupApproved\StartupFolder: => "CardOS API.lnk"
HKLM\...\StartupApproved\StartupFolder: => "AddonNP.lnk"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "BeatsOSDApp"
HKLM\...\StartupApproved\Run: => "Windows Mobile Device Center"
HKLM\...\StartupApproved\Run32: => "tvncontrol"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "PrivDogService"
HKLM\...\StartupApproved\Run32: => "fst_it_204"
HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\StartupApproved\StartupFolder: => "genesis_07151917.lnk"
HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\StartupApproved\StartupFolder: => "Picture Motion Browser Medien-Prüfung.lnk"
HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\StartupApproved\Run: => "EPSON SX420W Series"
HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\StartupApproved\Run: => "framei"
HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\StartupApproved\Run: => "nvcmd"
HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\StartupApproved\Run: => "cntcmd"
HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\StartupApproved\Run: => "genesis_07151917"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{2D1351D8-CF7E-4CC5-8F48-FBCDA0F9E167}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{8217E0CC-86A7-48B9-ABF1-279E744C7F04}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{93F474FF-1722-4CDD-B571-FA28E3988D26}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F0E566BC-B5C7-4703-933C-7A462D291509}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{88771030-AB65-4991-8EE2-A310F3DC5710}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8BB2F6A0-87B5-4555-A02C-21648B149D68}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A5B678BB-DAAD-4140-98D0-0F45EC28551C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{79AAC5A3-DEA4-4BE9-800C-CD218934D14B}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [{361BD660-1C6D-475B-A403-3E898F390373}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [{3F590FCC-3999-4AF0-852E-50791FCEA7C9}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [{83961BED-3FC7-4431-ACE0-AD4337A280A7}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [{9AD93C85-3E44-43A0-8EFB-CD890FADBE3B}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [{96E7D2F6-1EC4-4734-BE23-D4D750F700C7}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [{D1D2C072-5067-4D21-84CD-CA1E3C76B49A}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [{0E99E9E0-0CA5-4E5F-A164-582D638A1EEF}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [{0AFB5CB9-EFE5-440B-BBBB-4571159D4201}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [{404198F7-16F5-4D04-883A-09ECCBC50319}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [{D34F63BA-5CA1-4590-B789-B19F69E21F40}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [{3AE4F548-E2E5-487E-A3F4-8A3CE46FB671}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [{7D9F024B-ECD9-4466-AF57-676E76064C28}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [{77D30115-3EEE-462C-9ED3-4C192DFBE0C1}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [{62C15BB3-8294-4B6C-868F-D50D6C8960E0}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [{2F810D24-FD9F-4573-BB07-1B020F4CCD64}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [{A0418FC4-DB54-4F74-86F1-4FD1C35429DE}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [{6F584601-F9F6-4935-BAFF-A62D124C40F9}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [{FEBE048B-E121-48A3-B44A-1C29842B6C00}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [{53DC010B-396F-4750-87B0-54C9340F9B69}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [{5B7DA6E0-DC4C-4E31-8933-EA4A6921427E}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [{EA9C0E0C-A387-4CC1-8A75-F9C04CCB3FA8}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [TCP Query User{1B190E47-920E-45E4-82BE-6E6062A7098C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{396A8F4C-DFDD-412E-89EF-79F4D15AF2B7}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{ACD0F4D0-D8F1-4544-8061-C89744CA1937}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [{41A04CEB-CEBF-4D42-8D06-ED9CD2A256D4}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [{C3004E82-F96F-4D65-849E-E639D2C42D9A}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [{77882835-80B3-411A-BC5F-C04FB95C9D93}] => (Allow) C:\Windows\KMSEmu.exe
FirewallRules: [{239EB5BB-7E34-4F6C-969F-EC1105868316}] => (Allow) C:\Windows\KMSEmu.exe

==================== Wiederherstellungspunkte =========================

30-12-2015 08:36:55 Windows Update
06-01-2016 20:32:14 Geplanter Prüfpunkt
11-01-2016 14:24:31 TuneUp Utilities 2014 wird entfernt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/12/2016 07:53:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 1.8.323.0, Zeitstempel: 0x533c0ef6
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18146, Zeitstempel: 0x5650b9bb
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00000000000ec540
ID des fehlerhaften Prozesses: 0x129c
Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0
Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1
Pfad des fehlerhaften Moduls: nvstreamsvc.exe2
Berichtskennung: nvstreamsvc.exe3
Vollständiger Name des fehlerhaften Pakets: nvstreamsvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvstreamsvc.exe5

Error: (01/11/2016 11:33:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 1.8.323.0, Zeitstempel: 0x533c0ef6
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18146, Zeitstempel: 0x5650b9bb
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00000000000ec540
ID des fehlerhaften Prozesses: 0xe50
Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0
Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1
Pfad des fehlerhaften Moduls: nvstreamsvc.exe2
Berichtskennung: nvstreamsvc.exe3
Vollständiger Name des fehlerhaften Pakets: nvstreamsvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvstreamsvc.exe5

Error: (01/11/2016 08:07:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (01/11/2016 08:06:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (01/11/2016 08:05:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (01/11/2016 06:17:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (01/11/2016 05:44:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (01/11/2016 05:44:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (01/11/2016 05:44:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (01/11/2016 05:36:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.


Systemfehler:
=============
Error: (01/12/2016 08:49:49 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\prodrv06.sys

Error: (01/12/2016 07:53:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
%%1062

Error: (01/12/2016 06:16:25 AM) (Source: DCOM) (EventID: 10010) (User: Privat)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/12/2016 06:15:55 AM) (Source: DCOM) (EventID: 10010) (User: Privat)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/12/2016 06:04:06 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\prodrv06.sys

Error: (01/11/2016 11:29:24 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\prodrv06.sys

Error: (01/11/2016 08:17:44 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\prodrv06.sys

Error: (01/11/2016 05:47:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (01/11/2016 05:47:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Stefan\AppData\Local\Temp\ehdrv.sys

Error: (01/11/2016 05:47:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275


CodeIntegrity:
===================================
  Date: 2016-01-12 09:05:36.037
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-12 08:51:05.223
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-11 23:25:01.825
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-11 23:18:10.793
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-11 21:28:01.815
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-11 20:49:22.415
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-11 20:40:55.827
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-11 20:26:41.052
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-11 20:03:51.748
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-11 19:09:33.749
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
Prozentuale Nutzung des RAM: 21%
Installierter physikalischer RAM: 8131.19 MB
Verfügbarer physikalischer RAM: 6407.48 MB
Summe virtueller Speicher: 9411.19 MB
Verfügbarer virtueller Speicher: 7075.81 MB

==================== Laufwerke ================================

Drive c: (Windows 8.1) (Fixed) (Total:120.12 GB) (Free:23.76 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: () (Fixed) (Total:100.59 GB) (Free:92.07 GB) NTFS
Drive e: (Volume) (Fixed) (Total:710.8 GB) (Free:434.23 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6D4BBC3E)
Partition 1: (Not Active) - (Size=100.6 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=120.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=710.8 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

deeprybka · 12.01.2016, 19:15

Schritt 1

Gib in das Suche-Feld: SppHook.exe;oem.exe ein.
Klicke auf den Datei-Suche Button.
Bitte poste die erstellte Search.txt - Datei in Deiner nächsten Antwort.

Pumuckl57 · 12.01.2016, 19:45

Code:

ATTFilter

Farbar Recovery Scan Tool (x64) Version:07-01-2015
durchgeführt von Stefan (2016-01-12 19:40:31)
Gestartet von C:\Trojaner Board + Programme
Start-Modus: Normal

================== Datei-Suche: "SppHook.exe;oem.exe " =============

C:\Windows\oem.exe
[2013-12-22 00:56][2013-12-22 17:45] 0517862 ____A () DDC83B832C2D00FC17A24DEA870896CB [Datei ist nicht signiert]

C:\Windows\SppHook.exe
[2013-12-22 17:33][2016-01-10 19:19] 0008704 ____A () 8B1804152A5EEEFFC6452351E589D078 [Datei ist nicht signiert]

====== Ende von Suche ======

deeprybka · 13.01.2016, 20:48

Schritt 1

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:

Code:

ATTFilter

CloseProcesses:
IFEO\SppExtComObj.exe: [Debugger] SppHook.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
2016-01-04 19:32 - 2016-01-04 19:32 - 00000000 _____ C:\autoexec.bat
2016-01-04 19:31 - 2016-01-04 19:31 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Enigma Software Group
2016-01-04 19:30 - 2016-01-04 19:31 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-01-04 19:28 - 2016-01-11 14:15 - 00000000 ____D C:\Program Files\Enigma Software Group
C:\Users\Stefan\dxazlfq.exe
C:\Users\Stefan\dxfgihc.exe
C:\Users\Stefan\dxzyeqt.exe
Task: {BAE31404-F969-4E46-9415-FB6343DE95B9} - System32\Tasks\OEM => 
C:\Windows\oem.exe
C:\Windows\SppHook.exe
EmptyTemp:

Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.

Starte FRST und drücke auf den Entfernen-Button.
Das Tool erstellt eine "Fixlog.txt" -Datei.
Poste mir bitte deren Inhalt.

Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?

Pumuckl57 · 13.01.2016, 21:54

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:07-01-2015
durchgeführt von Stefan (2016-01-13 21:27:15) Run:1
Gestartet von C:\Trojaner Board + Programme
Geladene Profile: Stefan (Verfügbare Profile: Stefan)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
CloseProcesses:
IFEO\SppExtComObj.exe: [Debugger] SppHook.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
2016-01-04 19:32 - 2016-01-04 19:32 - 00000000 _____ C:\autoexec.bat
2016-01-04 19:31 - 2016-01-04 19:31 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Enigma Software Group
2016-01-04 19:30 - 2016-01-04 19:31 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-01-04 19:28 - 2016-01-11 14:15 - 00000000 ____D C:\Program Files\Enigma Software Group
C:\Users\Stefan\dxazlfq.exe
C:\Users\Stefan\dxfgihc.exe
C:\Users\Stefan\dxzyeqt.exe
Task: {BAE31404-F969-4E46-9415-FB6343DE95B9} - System32\Tasks\OEM => 
C:\Windows\oem.exe
C:\Windows\SppHook.exe
EmptyTemp:
*****************

Prozess erfolgreich geschlossen.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SppExtComObj.exe" => Schlüssel erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt
C:\autoexec.bat => erfolgreich verschoben
C:\Users\Stefan\AppData\Roaming\Enigma Software Group => erfolgreich verschoben
C:\Windows\system32\Drivers\EsgScanner.sys => erfolgreich verschoben
C:\Program Files\Enigma Software Group => erfolgreich verschoben
C:\Users\Stefan\dxazlfq.exe => erfolgreich verschoben
C:\Users\Stefan\dxfgihc.exe => erfolgreich verschoben
C:\Users\Stefan\dxzyeqt.exe => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{BAE31404-F969-4E46-9415-FB6343DE95B9}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAE31404-F969-4E46-9415-FB6343DE95B9}" => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\OEM => => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OEM => => Schlüssel nicht gefunden. 
C:\Windows\oem.exe => erfolgreich verschoben
C:\Windows\SppHook.exe => erfolgreich verschoben
EmptyTemp: => 447.9 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 21:27:51 ====

Hallo deeprybka
Ich glaube das sieht jetzt wohl gut aus, die Warnung kommt nach dem Neustart nicht mehr. Ich werde es weiterhin kontrollieren. Also Daumen hoch!!! Du hast eine Ausgezeichnete Arbeit geleistet und einen "Anfänger" wie mich ein bisschen gscheiter gmocht. Recht Herzlichen Dank für deine Mühe. Gruß Pumuckl57
Ps. Spende folgt

deeprybka · 14.01.2016, 07:43

Ok.

11.01.2016, 23:53	#33
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	HackTool.KMS Schritt 1 Bitte starte FRST erneut, markiere auch die checkbox und drücke auf Untersuchen. Bitte poste mir den Inhalt der beiden Logs die erstellt werden. __________________ __________________

14.01.2016, 07:43	#42
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	HackTool.KMS Ok. __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

HackTool.KMS

Log-Analyse und Auswertung: HackTool.KMS

HackTool.KMS

Eset

HackTool.KMS

Frst 12.01.16

HackTool.KMS

HackTool.KMS

HackTool.KMS

HackTool.KMS

SppHook.exe

HackTool.KMS

HackTool.KMS

HackTool.KMS

Ähnliche Themen: HackTool.KMS